Google’s recently launched Play Protect, an anti-malware service that’s built-in to Android 8.0 Oreo, will help it ensure Android hardware makers ship secure handsets.
Google doesn't have the same level of control over Android hardware as Apple does over the iPhone, but Google can manage risks associated with such a vast ecosystem via Android certification.
Historically Google hasn’t communicated to consumers which of the thousands of devices in the Android ecosystem it has certified as ‘safe and secure’, but it now will start using the Play Protect logo to communicate this.
The green shield logo will soon start appearing on the packaging of new devices, signaling that Google has certified the device.
Play Protect comes with Android 8.0 Oreo and has been rolling out to some existing devices that support Google's bundle of apps under Google Mobile Services (GMS).
Play Protect is essentially a rebranding of Verify Apps, which performed anti-malware services in the background and didn’t have its own branding. Play Protect is a more visible part of the Play Store app, helping communicate to users that Google's Android does have built-in defences against malware.
Though Google insists in its annual security report that actual malware infections remain extremely low, there are frequent reports of malicious apps slipping into its Play Store and infecting more cautious users who disable installs from outside Google’s official store. Google recently removed 300 apps from the Play Store that were part of a project to build an army of Android devices to take down websites with junk traffic.
Google’s Android device certification covers a range of security factors, including “hundreds of compatibility tests” with manufacturers to ensure devices follow the Android security and permissions model.
Google also verifies that its own GMS apps like Gmail and YouTube that are pre-installed on devices are actually legit, and that apps from its Play Store work as intended.
The aim is to ensure end-users have a “secure and stable” experience on Android, which hasn't been easy for Google to deliver. The search company is attempting to fix the Android-version fragmentation problem with Project Treble.
Google won’t allow hardware makers to use the Play Protect logo unless the device ships with Google Play Protect, according to Google’s India blog.
“Certified devices also come with Google Play Protect (हिंदी में) out-of-the-box, providing users with a suite of security features that include automatic device scanning for malware. This provides baseline protection against malware, privacy hacks and more,” it notes.
It goes on to recommend buyers ask mobile phone sellers for a certified device or to look for the “Google Play Protect logo on the box” to ensure it really does come with the built-in service.