Android has a bit of a malware problem. The open ecosystem's flexibility also makes it relatively easy for tainted apps to circulate on third-party app stores or malicious websites. Worse still, malware-ridden apps sneak into the official Play Store with disappointing frequency. After grappling with the issue for a decade, Google is calling in some reinforcements.

This week, Google announced a partnership with three antivirus firms—ESET, Lookout, and Zimperium—to create an App Defense Alliance. All three companies have done extensive Android malware research over the years, and have existing relationships with Google to report problems they find. But now they'll use their scanning and threat detection tools to evaluate new Google Play submissions before the apps go live—with the goal of catching more malware before it hits the Play Store in the first place.

"On the malware side we haven’t really had a way to scale as much as we’ve wanted to scale," says Dave Kleidermacher, Google's vice president of Android security and privacy. "What the App Defense Alliance enables us to do is take the open ecosystem approach to the next level. We can share information not just ad hoc, but really integrate engines together at a digital level, so that we can have real-time response, expand the review of these apps, and apply that to making users more protected."

It's not often that you hear someone at Google—a company of seemingly limitless size and scope—talk about trouble operating a program at the necessary scale.

Each antivirus vendor in the alliance offers a different approach to scanning app files, called binaries, for red flags. The companies are looking for anything from trojans, adware, and ransomware to banking malware or even phishing campaigns. ESET's engine uses a cloud-based repository of known malicious binaries along with pattern analysis and other signals to assess apps. Lookout has a trove of 80 million binaries and app telemetry that it uses to extrapolate potential malicious activity. And Zimperium uses a machine learning engine to build a profile of potentially bad behavior. As a commercial product, Zimperium's scanner works on the device itself for analysis and remediation rather than relying on the cloud. For Google, the company will essentially give a rapid yes or no on whether apps need to be individually examined for malware.

As Tony Anscombe, ESET's industry partnerships ambassador, puts it, "Being part of a project like this with the Android team allows us to actually start protecting at the source. It’s much better than trying to clean up afterwards."

Ars Technica