Jack Wallen addresses the upcoming change to the Verify app system for the prevention of malware on the Android platform.
The developers of the Android platform have something rather special in mind that will go a long way to prevent malware from infiltrating the barriers of your mobile devices. Beginning with Android 4.2, a Verify app system was created that watches for new apps — especially ones that are side-loaded (not installed from the Google Play Store). This real-time app scanning service instantly scans an app (upon installation) for suspect malware.
If you go to Settings | Security, you’ll find the entry called Verify apps (Figure A). When it's enabled, Verify apps will warn you before you install any app that may cause harm.
Verify app settings on a Verizon-branded Motorola Moto X.
Once your Android device was upgraded to 4.2, this opt-in service should have prompted you the first time you installed an app. However, it didn’t really prevent malware from getting onto the devices. Since the release of 4.2, the onslaught of malicious software has increased significantly, because the Verify app feature really only bothered with side-loaded applications. Google must have assumed every app in the app store was safe, but we know this isn't true.
Soon, the Verify app system will extend beyond initial install and continue to monitor your device for malware. This means that when a new threat is discovered, your Verify app system will update and check your device against that threat. If it discovers malware, it will alert you. This will work in conjunction with another verification system (one on the Google Play Store servers), so the protection against malware should see a significant improvement.
When will this happen? That is the big unknown. Google says that it will arrive in a future Google Play Store update. My guess is that they're making sure this system, which continuously scans for malware, isn’t going to do the one thing most Android users are concerned with — that is, further drain the device battery.
In this case, I don’t think users should be concerned. The battery life of most phones has improved enough that the additional layer of security gained by such a system will be well worth what extra drain the real-time Verify app will add. But, if you’re really concerned about yet another service running, fear not — the Verify app is currently an opt-in solution and will probably remain as such.
I’m all for Google making the Android platform as secure as possible. I also firmly believe that they can pull off such a feat without insisting an Apple-level lockdown on their users. You’ll still have the freedom to disable Verify, but I’m certain — as malware continues to rise everywhere — that you’ll want to keep it running.
Is Google right in taking Android in this direction? If you had control over the situation, what would you do to prevent malware from reaching Android devices? Share your opinion and thoughts in the discussion thread below.