y back when Android 4.2 lly Bean was released, added a feature called Verify Apps that sought to protect users who inadvertently may have downloaded a piece of malware attempted to side-load it onto their phone. The service, which is enabled by default on all Android devices, scans apps that are installed from sources other than the ay Store, warns the user if they may be potentially harmful.
It’s so silent unobtrusive, most users don’t even know Verify Apps is running, which also means they don’t know when it’s not running. As explains in a blog post, that could be the result of an app that has snuck by its gate-keeping purposefully turned it off, opening the door for potential problems. calls these devices Dead or Insecure (DOI), in turn, if an app has a high percentage of DOI devices downloading it, it will be considered a DOI app. That’s where ’s security wizardry comes into play.
As software engineer Megan Ruthven explains, has developed a metric “to identify the security-related reasons that devices stop working prevent it from happening in the future.” If a device has stopped using Verify Apps, dives into the apps that device has installed checks their retention rate—the number of devices that have downloaded a particular app with Verify Apps switched on—to come up with a DOI score. If the app has a low score, meaning a high number of devices without Verify Apps has downloaded it in one day, will investigate further, take steps to remove block future installation if necessary.
says it has flagged more than 25,000 DOI apps to be part of the Hummingbird, Ghost sh, Gooligan malware families “because they can degrade the Android experience to such an extent that a non-negligible amount of users factory reset or abon their devices.” As Ruthven writes, without the DOI score, “many of them would have escaped the extra scrutiny of a manual review.”
To check if your device has Verify Apps turned on, go to the Security tab in Settings (or in the tab on xels some other phones), make sure the Scan device for security threats toggle under Verify apps has been turned blue.
The impact on you at home: read a lot about malware on our Android devices, but we don’t always hear what is doing about it. This blog post is a fascinating look at how is monitoring the Android community to find flag potentially harmful apps keep our devices safe. However, just as will keep coming up with ways to fight them, malware apps will continue to be a threat, as always, the best way to avoid them is to strictly download from the ay Store other trusted sources.