Google is using machine learning to sort good apps from bad on the Play Store

Security on Android has always been a challenge for Google due to the operating system’s open nature. But in recent years, the company has been gaining ground in its fight against malware and exploits, thanks in part to the use of machine learning and AI to spot problem apps before users install them. Today, the company has described in detail how it’s using one technique — known as peer grouping — to help keep the Play Store purely playful.

Peer grouping is a pretty simple idea. By comparing data about apps that perform similar tasks, say Google’s engineers, they can identify the ones with something to hide. If you’re looking at a group of 20 calculator apps, for example, the app that is asking for permission to access your microphone, location, and phone book is probably up to no good. Google’s new system flags it automatically, and security engineers then swoop in for a closer look.

Google is using machine learning to group apps by function and spot the bad apples.
Image: Google

With machine learning, Google can use peer grouping to scan apps en masse as they are uploaded to the Play Store. A range of metrics is used to group apps into clusters, including their description, their metadata (how big the file is, for example), and statistics like how many times they’ve been installed. A new peer group is created for each app, as Google says using set categories — like “productivity” and “games” — is “too coarse and inflexible” to follow the changing distinctions of the app world. Similarly, grouping them by hand would take too long. Once grouped, the bad apples can be picked out of the barrel.

“We focus on signals that can negatively affect user privacy, such as permission requests that are not related to core app functionality, and the actual, observed behaviors,” explains Martin Pelikan of Google’s security and privacy team over email. “For example, a flashlight app might not need access to the address book of the user or the precise hardware identifier of a user’s phone. The same might hold for many other apps, such as ‘mirror’ apps that turn on a device’s front-facing camera.”
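The flagging step described above can be sketched in a few lines. This is an added example, not Google's implementation: the app names, descriptions, permissions and thresholds are constructed, and word overlap between descriptions stands in for the learned similarity (the article says Google also uses metadata and install statistics).

```python
# Added illustration only: a toy peer-grouping check, not Google's implementation.
STOPWORDS = {"a", "and", "for", "of", "the", "with"}

# Constructed sample: app name -> (store description, requested permissions).
APPS = {
    "CalcPro": ("simple calculator for math and percent sums", {"INTERNET"}),
    "QuickCalc": ("fast calculator with scientific math functions", set()),
    "MathCalc": ("scientific calculator for math homework", {"INTERNET"}),
    "SumIt": ("calculator for quick sums and percent math",
              {"INTERNET", "RECORD_AUDIO", "READ_CONTACTS", "ACCESS_FINE_LOCATION"}),
    "BrightTorch": ("flashlight torch with bright led light", {"CAMERA"}),
    "TorchLite": ("simple flashlight led torch light", {"CAMERA"}),
    "NightLight": ("bright flashlight and led torch", {"CAMERA", "READ_CONTACTS"}),
    "VoiceMemo": ("voice recorder for audio notes and memos", {"RECORD_AUDIO"}),
    "AudioNotes": ("audio recorder for voice notes", {"RECORD_AUDIO"}),
}

def tokens(name):
    """Description words with stopwords removed."""
    return set(APPS[name][0].lower().split()) - STOPWORDS

def similarity(a, b):
    """Jaccard overlap of description tokens (assumed stand-in for a learned model)."""
    ta, tb = tokens(a), tokens(b)
    return len(ta & tb) / len(ta | tb)

def peer_group(name, k=3, min_sim=0.2):
    """Per-app peer group: the k most similar apps, dropping weak matches."""
    scored = sorted(((similarity(name, o), o) for o in APPS if o != name),
                    key=lambda s: (-s[0], s[1]))
    return [o for sim, o in scored[:k] if sim >= min_sim]

def unusual_permissions(name, min_share=0.5):
    """Permissions requested by this app but by fewer than min_share of its peers."""
    peers = peer_group(name)
    if not peers:  # nothing comparable, so nothing can be called unusual
        return []
    return sorted(p for p in APPS[name][1]
                  if sum(p in APPS[o][1] for o in peers) / len(peers) < min_share)

def review_queue():
    """Apps to hand to a human reviewer, with the permissions that stood out."""
    flagged = {n: unusual_permissions(n) for n in APPS}
    return {n: p for n, p in flagged.items() if p}

if __name__ == "__main__":
    for app, perms in review_queue().items():
        print(app, "->", perms)
```

The same permission is judged against each app's own peers: `RECORD_AUDIO` is flagged for the calculator but not for the voice recorder.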

Techniques like this seem to be making a difference for Google. According to its most recent annual Android security review, the percentage of users who had installed harmful apps from the official Play Store fell from 0.15 percent in 2015 to 0.05 percent in 2016.

However, data from that same review highlights the fact that Google has to watch more vectors of attack than just the official channels. Many users — particularly those in China — install Android apps from alternative app stores, which the company doesn’t have control over. And when taking these into account, the number of individuals installing bad apps actually rose slightly, from 0.5 percent in 2015 to 0.7 percent in 2016. Machine learning, it seems, can only do so much.

Comments

In my days, any piece of algorithmic logic didn’t have to be labeled as "machine learning".
But I’m getting old.

Machine learning is a much more sexy term than algorithm.

Sorry, but Peer Grouping (or automatically grouping random sets of things) is actually something that can only be done by Machine Learning.

That’s the point of the article; Google is moving away from the inflexible and ineffective algorithms they were previously using.

However, data from that same review highlights the fact that Google has to watch more vectors of attack than just the official channels. Many users — particularly those in China — install Android apps from alternative app stores, which the company doesn’t have control over. And when taking these into account, the number of individuals installing bad apps actually rose slightly, from 0.5 percent in 2015 to 0.7 percent in 2016. Machine learning, it seems, can only do so much.

Should Google even care about users that aren’t using its Play Store or its services?

Yes. Because when an Android phone gets malware, it makes them look bad, even if they had no control over the reason it got infected.

Ah, but apparently it can’t be called or marketed as an "Android" device if it doesn’t run Google Play Services.

The Chinese manufacturers who make those phones generally build their OS (MIUI, EMUI, etc.) on top of the AOSP build Google releases, but they don’t have any Google services running on them. They aren’t marketed as Android, and have absolutely no Google branding anywhere.

Yeah, but it’s one toggle to allow people to install off-market apps. I do it all the time with my Humble Bundle app and with Amazon Apps. Other people go to shady websites and install the APKs by hand. Every Android Phone allows this. You don’t have to disable Google Services to install 3rd party apps. You just have to allow them to run on your phone.

You know you’re taking a risk when you do that?

I’m sure Humble Bundle and Amazon apps have their own security measures, but if you’re downloading APKs from shady websites, you deserve whatever happens to you.

No shit Sherlock. That was my whole point from the beginning.

Do you even read, bro?

Wow genius, nice of you to comment on other people’s reading abilities when you’re missing the point yourself.

Yes. Because when an Android phone gets malware, it makes them look bad, even if they had no control over the reason it got infected.

It does not make them look bad because:
- Chinese Android phones do not have any Google or Android branding. It will not tarnish their image in China in any way, seeing as how they’re banned from the market anyways.
- People outside of China who install apps from non-Play Store sources know that they are taking a risk. If something goes wrong, they know they only have themselves to blame.

I am refuting your initial statement that it will tarnish Google’s image. Hope this makes it clear.
