rotten news relay - comp.mobile.android - Does Android scan every app you install or only apps installed from the Google Play Store?

Subject: Does Android scan every app you install or only apps installed from the Google Play Store?
From: Wolf Greenblatt
Newsgroups: comp.mobile.android
Organization: Private News Server
Date: Sun, 2 Jun 2024 21:13 UTC

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!news.hispagatos.org!news.samoylyk.net!.POSTED.public-nat-14.vpngate.v4.open.ad.jp!not-for-mail
From: wolf@greenblatt.net (Wolf Greenblatt)
Newsgroups: comp.mobile.android
Subject: Does Android scan every app you install or only apps installed from the Google Play Store?
Date: Sun, 2 Jun 2024 17:13:56 -0400
Organization: Private News Server
Message-ID: <v3inaj$2cj3i$1@news.samoylyk.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 2 Jun 2024 21:13:56 -0000 (UTC)
Injection-Info: news.samoylyk.net; posting-host="public-nat-14.vpngate.v4.open.ad.jp:219.100.37.246";
logging-data="2509938"; mail-complaints-to="abuse@samoylyk.net"

View all headers

By default, does Android scan every app you install for malware,
or does Android only scan apps installed from the Google Play Store?

Subject: Re: Does Android scan every app you install or only apps installed from the Google Play Store?
From: Arno Welzel
Newsgroups: comp.mobile.android
Date: Mon, 3 Jun 2024 12:11 UTC
References: 1

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: usenet@arnowelzel.de (Arno Welzel)
Newsgroups: comp.mobile.android
Subject: Re: Does Android scan every app you install or only apps installed
from the Google Play Store?
Date: Mon, 3 Jun 2024 14:11:31 +0200
Lines: 27
Message-ID: <lc5q7iFt7dnU1@mid.individual.net>
References: <v3inaj$2cj3i$1@news.samoylyk.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Trace: individual.net 5hi1QXHn753pX0N6zYiw/g7aQKZZdDR0ZOPGeHalSxjeG1C4b5
Cancel-Lock: sha1:EMWLY8tE7CVAayxFHTtT7Euvs3M= sha256:OHnweWLnWeEQFyRTg++lm5SlRQKNSEkIfuMVolo8JSo=
Content-Language: de-DE
In-Reply-To: <v3inaj$2cj3i$1@news.samoylyk.net>

View all headers

Wolf Greenblatt, 2024-06-02 23:13:

> By default, does Android scan every app you install for malware,
> or does Android only scan apps installed from the Google Play Store?

That also depends on the device as well since some manufactures modify
the official version of Android to their needs and some provide their
own security solutions like Xiaomi.

However, by default Android will scan every app regardless where it came
from.

Also see: Settings -> Security & privacy -> App security -> Play protect
and the the "Play Protect settings" you can open with the settings icon
on the top right. In these settings there is also the following option,
which is enabled by default:

Improve harmful app detection
Send unknown apps to Google for better detection

And "unknown apps" means apps which you did not install using Google
Play but by using an APK file or alternative sources like F-Droid.

--
Arno Welzel
https://arnowelzel.de

Subject: Re: Does Android scan every app you install or only apps installed from the Google Play Store?
From: Carlos E.R.
Newsgroups: comp.mobile.android
Date: Mon, 3 Jun 2024 13:34 UTC
References: 1 2

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: robin_listas@es.invalid (Carlos E.R.)
Newsgroups: comp.mobile.android
Subject: Re: Does Android scan every app you install or only apps installed
from the Google Play Store?
Date: Mon, 3 Jun 2024 15:34:05 +0200
Lines: 32
Message-ID: <dbt0jkx1a7.ln2@Telcontar.valinor>
References: <v3inaj$2cj3i$1@news.samoylyk.net>
<lc5q7iFt7dnU1@mid.individual.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net bv5J6GTMZIWinpZ6i2+xiARDs0MoEy/H+RL/ZBt0b5MOkQ4wGW
X-Orig-Path: Telcontar.valinor!not-for-mail
Cancel-Lock: sha1:GBjpq4Izd5RSa/1jX0/KZzJNfVY= sha256:MA0gWFK6S7uQLh+2ZCAI0UYH+g0JSVV6YWnnUq/Vvus=
User-Agent: Mozilla Thunderbird
Content-Language: es-ES, en-CA
In-Reply-To: <lc5q7iFt7dnU1@mid.individual.net>

View all headers

On 2024-06-03 14:11, Arno Welzel wrote:
> Wolf Greenblatt, 2024-06-02 23:13:
>
>> By default, does Android scan every app you install for malware,
>> or does Android only scan apps installed from the Google Play Store?
>
> That also depends on the device as well since some manufactures modify
> the official version of Android to their needs and some provide their
> own security solutions like Xiaomi.
>
> However, by default Android will scan every app regardless where it came
> from.
>
> Also see: Settings -> Security & privacy -> App security -> Play protect
> and the the "Play Protect settings" you can open with the settings icon
> on the top right. In these settings there is also the following option,
> which is enabled by default:
>
> Improve harmful app detection
> Send unknown apps to Google for better detection
>
> And "unknown apps" means apps which you did not install using Google
> Play but by using an APK file or alternative sources like F-Droid.

I assume that applications on the google play server are scanned "by the
server", in advance, and other applications are scanned later, dunno if
locally or after they are uploaded for scan at the server. Oh, rather
the later: it says "Send unknown apps to Google for better detection"

--
Cheers, Carlos.

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: usenet@arnowelzel.de (Arno Welzel)
Newsgroups: comp.mobile.android
Subject: Re: Does Android scan every app you install or only apps installed
from the Google Play Store?
Date: Mon, 3 Jun 2024 17:36:38 +0200
Lines: 35
Message-ID: <lc6685Fg23U1@mid.individual.net>
References: <v3inaj$2cj3i$1@news.samoylyk.net>
<lc5q7iFt7dnU1@mid.individual.net> <dbt0jkx1a7.ln2@Telcontar.valinor>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Trace: individual.net 9e3BDa1gGvlgEDkekhVMmgvM9I5F19t6IrkrEjJSfTXykPLDsM
Cancel-Lock: sha1:NWqPh3sSz7nCswcfAUDwQayRUTs= sha256:K7uVYd44pyAR5f1f9lNsmoh8/KBU2AEWsyXlv1ZQxJk=
Content-Language: de-DE
In-Reply-To: <dbt0jkx1a7.ln2@Telcontar.valinor>

View all headers

Carlos E.R., 2024-06-03 15:34:

> On 2024-06-03 14:11, Arno Welzel wrote:
[...]
>> Also see: Settings -> Security & privacy -> App security -> Play protect
>> and the the "Play Protect settings" you can open with the settings icon
>> on the top right. In these settings there is also the following option,
>> which is enabled by default:
>>
>> Improve harmful app detection
>> Send unknown apps to Google for better detection
>>
>> And "unknown apps" means apps which you did not install using Google
>> Play but by using an APK file or alternative sources like F-Droid.
>
> I assume that applications on the google play server are scanned "by the
> server", in advance, and other applications are scanned later, dunno if
> locally or after they are uploaded for scan at the server. Oh, rather
> the later: it says "Send unknown apps to Google for better detection"

I assume, Google Play services create some kind of signature for every
app and maintain a catalogue of known signatures of malicious apps and
app versions. Whenever a new app from outside of Google Play is
installed, the check will be, if the signature of that app is already
known and if not, it will be send for verification to the Google Play
servers where it will get scanned and the signature along with the scan
result will be stored. So next time the same app package will be
installed by someone else, Google Play already knows the signature and
can warn the user or stop the installation if the app is known to be
malicious.

--
Arno Welzel
https://arnowelzel.de

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: robin_listas@es.invalid (Carlos E.R.)
Newsgroups: comp.mobile.android
Subject: Re: Does Android scan every app you install or only apps installed
from the Google Play Store?
Date: Tue, 4 Jun 2024 00:36:58 +0200
Lines: 42
Message-ID: <a5t1jkxnhs.ln2@Telcontar.valinor>
References: <v3inaj$2cj3i$1@news.samoylyk.net>
<lc5q7iFt7dnU1@mid.individual.net> <dbt0jkx1a7.ln2@Telcontar.valinor>
<lc6685Fg23U1@mid.individual.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net 6gMWXli8ljP5hFNJJOZ99gu9w3ipgqpOgFhF9YNdqMdn2yn7jJ
X-Orig-Path: Telcontar.valinor!not-for-mail
Cancel-Lock: sha1:6Jal0WDszqcQYjOeAhotSBpSM98= sha256:q72SNb5tSe54pOlPYxPFwbsv/j4WA+s/vrmM6E22lLg=
User-Agent: Mozilla Thunderbird
Content-Language: es-ES, en-CA
In-Reply-To: <lc6685Fg23U1@mid.individual.net>

View all headers

On 2024-06-03 17:36, Arno Welzel wrote:
> Carlos E.R., 2024-06-03 15:34:
>
>> On 2024-06-03 14:11, Arno Welzel wrote:
> [...]
>>> Also see: Settings -> Security & privacy -> App security -> Play protect
>>> and the the "Play Protect settings" you can open with the settings icon
>>> on the top right. In these settings there is also the following option,
>>> which is enabled by default:
>>>
>>> Improve harmful app detection
>>> Send unknown apps to Google for better detection
>>>
>>> And "unknown apps" means apps which you did not install using Google
>>> Play but by using an APK file or alternative sources like F-Droid.
>>
>> I assume that applications on the google play server are scanned "by the
>> server", in advance, and other applications are scanned later, dunno if
>> locally or after they are uploaded for scan at the server. Oh, rather
>> the later: it says "Send unknown apps to Google for better detection"
>
> I assume, Google Play services create some kind of signature for every
> app and maintain a catalogue of known signatures of malicious apps and
> app versions. Whenever a new app from outside of Google Play is
> installed, the check will be, if the signature of that app is already
> known and if not, it will be send for verification to the Google Play
> servers where it will get scanned and the signature along with the scan
> result will be stored. So next time the same app package will be
> installed by someone else, Google Play already knows the signature and
> can warn the user or stop the installation if the app is known to be
> malicious.
>

Probably.

However, if a single download is found malicious, all downloads of the
same name will be flagged as suspicious, I suppose.

--
Cheers, Carlos.

Cheer Up! Things are getting worse at a slower rate.

comp / comp.mobile.android / Does Android scan every app you install or only apps installed from the Google Play Store?

Subject	Author
Does Android scan every app you install or only apps installed from the Google P	Wolf Greenblatt
Re: Does Android scan every app you install or only apps installed from the Goog	Arno Welzel
Re: Does Android scan every app you install or only apps installed from the Goog	Carlos E.R.
Re: Does Android scan every app you install or only apps installed from the Goog	Arno Welzel
Re: Does Android scan every app you install or only apps installed from the Goog	Carlos E.R.