From: "Carlos E.R."
Newsgroups: comp.mobile.android
Subject: Re: Does Android scan every app you install or only apps installed from the Google Play Store?
Date: Tue, 4 Jun 2024 00:36:58 +0200

On 2024-06-03 17:36, Arno Welzel wrote:
> Carlos E.R., 2024-06-03 15:34:
>
>> On 2024-06-03 14:11, Arno Welzel wrote:
> [...]
>>> Also see: Settings -> Security & privacy -> App security -> Play protect
>>> and the "Play Protect settings" you can open with the settings icon
>>> on the top right. In these settings there is also the following option,
>>> which is enabled by default:
>>>
>>> Improve harmful app detection
>>> Send unknown apps to Google for better detection
>>>
>>> And "unknown apps" means apps which you did not install using Google
>>> Play but by using an APK file or alternative sources like F-Droid.
>>
>> I assume that applications on the Google Play server are scanned "by the
>> server", in advance, and other applications are scanned later, dunno if
>> locally or after they are uploaded for scan at the server. Oh, rather
>> the latter: it says "Send unknown apps to Google for better detection"
>
> I assume, Google Play services create some kind of signature for every
> app and maintain a catalogue of known signatures of malicious apps and
> app versions. Whenever a new app from outside of Google Play is
> installed, the check will be, if the signature of that app is already
> known and if not, it will be sent for verification to the Google Play
> servers where it will get scanned and the signature along with the scan
> result will be stored. So next time the same app package will be
> installed by someone else, Google Play already knows the signature and
> can warn the user or stop the installation if the app is known to be
> malicious.
>

Probably.

However, if a single download is found malicious, all downloads of the
same name will be flagged as suspicious, I suppose.

-- 
Cheers,
       Carlos.
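
The two guesses in this exchange (a verdict catalogue keyed by an app "signature", plus name-based suspicion once one build is found malicious) modelled as an added example; it is not part of either post and not Play Protect's actual implementation. Assumptions: the "signature" is a SHA-256 of the APK bytes, the scanner is a constructed marker check, and the class, package names and sample bytes are hypothetical.

```python
import hashlib

SCAN_MARKER = b"EVIL-MARKER"  # constructed stand-in for whatever a real scanner detects


class VerdictCatalogue:
    """Toy model of a server-side catalogue keyed by APK digest (assumed design)."""

    def __init__(self):
        self.by_digest = {}         # sha256 hex -> "clean" | "malicious"
        self.flagged_names = set()  # package names with at least one malicious build
        self.uploads = 0            # how many APKs had to be sent for scanning

    def _scan(self, apk: bytes) -> str:
        return "malicious" if SCAN_MARKER in apk else "clean"

    def check_install(self, package: str, apk: bytes) -> str:
        digest = hashlib.sha256(apk).hexdigest()
        verdict = self.by_digest.get(digest)
        if verdict is None:  # unknown app: upload, scan, remember the result
            self.uploads += 1
            verdict = self._scan(apk)
            self.by_digest[digest] = verdict
            if verdict == "malicious":
                self.flagged_names.add(package)
        if verdict == "malicious":
            return "block"
        # Name-based suspicion: this exact build is clean, but another build
        # distributed under the same package name was not.
        return "warn" if package in self.flagged_names else "allow"


def demo():
    cat = VerdictCatalogue()
    good = b"PK\x03\x04 constructed clean build"
    bad = b"PK\x03\x04 constructed build " + SCAN_MARKER
    results = [
        cat.check_install("org.example.notes", good),  # first sight, clean
        cat.check_install("org.example.notes", bad),   # repackaged build, scanned once
        cat.check_install("org.example.notes", bad),   # second user, same bytes: cached
        cat.check_install("org.example.notes", good),  # clean build, tainted name
        cat.check_install("org.example.other", b"PK\x03\x04 another app"),
    ]
    return results, cat.uploads


if __name__ == "__main__":
    print(demo())
```

The digest lookup answers "is this exact file known bad", while the name set answers "has anything under this name been bad"; the fourth call shows the two disagreeing for a legitimate build.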