The big secret behind Google Play Protect on Android

Credit to Author: JR Raphael| Date: Tue, 25 Jul 2017 09:04:00 -0700

Have you heard the news? Your Android device is in the midst of being updated to include Google’s comprehensive new security suite, Google Play Protect.

Play Protect, as you may recall, was one of the biggest bullet points to come out of this year’s Google I/O keynote address. It’s a “doubled-down” effort around Android security, as Google explains it, and it’s designed to ensure every Android device is always protected from any form of harm.

(Well, except for the kind of harm you yourself inflict when you drop your own phone in the commode. Seriously, how do you keep doing that?!)

Make no mistake about it: This is a good thing. Security on Android has been an area of perpetual concern for many people, and all it takes is a skimming of the latest Big, Bad Virus™ scare campaign to see why. (Surely you’re familiar with the Android malware monster by now, right?)

But in all the discussion of Google Play Protect and all the coverage of every Big, Bad Virus™ that comes along, there’s one significant detail that almost always gets omitted. Ready? Brace yourself:

Pretty much everything Play Protect accomplishes has been a part of Android for ages.

It’s true: All those impressive-sounding security measures aren’t actually new; they’re just rebranded to be more memorable and repositioned to be more visible.

Not convinced? Let’s break down Play Protect’s primary features:

1. It scans Play Store apps for any signs of malware.

An essential measure, to be sure — and one Google’s been doing in this same basic manner since 2012.

2. It monitors apps on your device for any signs of shady behavior.

Google also introduced this in 2012 (and then launched it more broadly in 2013) with the initial goal of addressing apps installed from unofficial, non-Play-Store sources. It expanded the system in 2014 to include continuous monitoring of all apps on all devices.

3. It allows you to remotely locate, lock, and optionally wipe your device.

A handy and highly useful function that — yup, you guessed it — has been natively available in Android since 2013.

4. It warns you about websites that might serve up malware or try to trick you into providing personal information.

Also known as Chrome’s Safe Browsing for Android — a feature that’s been around since 2015.

Now, hang on a second: If you think the point of this column is to pooh-pooh Play Protect and suggest it somehow isn’t important, let me stop you right there. That’s not at all what I’m getting at here.

My point is actually just the opposite: that all the things Play Protect does are incredibly important. But the plain and simple fact is that these same forms of protection have been in place on Android for years — and yet most folks had no idea they were present. They were easily overlooked, and you basically had to be a dedicated tech enthusiast to know they existed. Every misguided Android security story we’ve seen over the past several years serves as a painstaking reminder of that.

And that, dear readers, is why Play Protect matters — not because its functionality is newly glistening but because the repositioning it provides could help fix the problem of perception Google’s long battled in the Android security arena. Google tends to be pretty good at doing things, y’know, but not so great at marketing them and making regular customers aware of their strengths. 

What we’re seeing with Play Protect right now is almost certainly just the beginning of a multipart correction. As it stands, to get to the newly centralized Play Protect page on your phone, you have to go into the Google section of your system settings, scroll all the way down to find the “Security” section there (not to be confused with the other “Security” section in the main system settings menu) — then tap on Google Play Protect on the next page of options that appears. That’s not exactly a highly visible or easily discoverable area, and one can only hope that Google plans to put this info in a more prominent place in the future.

Play Protect’s current implementation: better than before but still a bit buried

We do know that Play Protect will soon gain placement within the Play Store as well. And it only makes sense to assume that what we’re seeing on the operating system level is merely an initial dipping of toes into water — the best Google can do with a universally deliverable behind-the-scenes Play Services update and without the need for a full-fledged OS-level change (not to mention a likely tweak to its licensing agreement that’d make sure third-party device-makers don’t mess with any primary-settings-level placement).

But — insert dramatic pause here — it’s a start. And compared to the inconsistently named and often invisible measures that were in place before, it’s an immeasurable improvement in how Android security is publicly presented.

So, no, despite how it may seem on the surface, Play Protect isn’t about Google somehow “fixing” Android security. What Play Protect accomplishes functionally is nothing new — and with all those layers of protection having long been in place, malware on Android has never truly been a practical, real-world problem on any meaningful scale. The perception of malware, however, has been a substantial ongoing issue for the platform.

And that’s what Play Protect is ultimately all about: improving the visibility and awareness of Google’s long-standing systems for keeping Android devices safe. It’s a positive and overdue step — and the context surrounding it is as important as the effort itself.

http://www.computerworld.com/category/security/index.rss