Google asks mobile security vendors to help keep hackers out of the Play Store

In announcing the partnership, Google acknowledged that the current processes for reporting malicious apps “aren’t designed to scale.”
the software pulls information from Facebook Messenger, WhatsApp, and Line, an end-to-end encrypted messaging application that's popular in Asia. (Flickr user <a href="">StevenW</a> / CC-BY-2.0)

Google announced Wednesday it would work with multiple cybersecurity companies to better secure the Google Play Store, which hackers have repeatedly used to distribute malicious software.

Google’s decision to collaborate with ESET, Lookout, and Zimperium is an acknowledgement of the challenges of securing the Play Store and the countless devices that interact with it. Each company has distinguished itself by releasing research detailing how hackers are using mobile apps to spread nefarious code.

Google will integrate its Google Play malware detection systems with each of those companies’ anti-virus scanning engines. That will allow the companies to do an extra layer of vetting before an app appears in the Play Store.

In announcing the App Defense Alliance, as the partnership is known, Google acknowledged that the current processes for reporting malicious apps in and out of the Play Store “aren’t designed to scale.”


With over 2.5 billion Android devices in use, the scale of the security challenge is staggering. In 2017, security specialists removed roughly 700,000 malicious apps from the Play Store. In but one illustration of the issue, last January, cybersecurity company Trend Micro found spyware that had been downloaded over 100,000 times from the Play Store. The malware was capable of stealing call logs and SMS conversations from a target’s phone.

Apple has had to remove shady apps, too, but not nearly on the same scale as in the Play Store, where developers can more easily hide malicious functionality behind encrypted code or delay its activation.

“We hand-picked these partners based on their successes in finding potential threats and their dedication to improving the ecosystem,” Dave Kleidermacher, Google’s vice president of Android security and privacy, wrote in a blog.

Lookout said the alliance would help the company step up its work on mobile security.

“Even before this partnership, Lookout worked closely with Google to help them remove mobile app threats from the Google Play Store, such as ViperRAT, Desert Scorpion, and BeiTaAd,” Lookout said. “With the launch of the App Defense Alliance, Lookout will now be able to identify these sort[s] of malicious apps before they ever become a threat to the general public.”

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts