Google Play adds humans to the app review process

Automated checks are just one part of the process, now humans will screen code too

android malware

Google has announced that they're taking additional measures to lower the amount of malicious code appearing in the Google Play store.

Eunice Kim, product manager for Google Play, outlined the manual changes on the Android Developers Blog, confirming that the process has existed for two months.

Now, when developers upload an application, it's checked by the usual automated scans, but a human will also perform additional screening.

"We value the rapid innovation and iteration that is unique to Google Play, and will continue to help developers get their products to market within a matter of hours after submission, rather than days or weeks. In fact, there has been no noticeable change for developers during the rollout," Kim wrote.

The manual checks are performed by a team of experts who will check for malware. An additional process will require developers to answer questionnaires that will help assign age-based ratings.

"The move by Google is a good sign ­ the more eyes on the unsafe mobile app problem the better. In addition to the increasing threat of mobile malware, is the increasing exfiltration of sensitive data by seemingly legitimate apps. While other apps have been specifically designed to perform malicious actions other apps unknowingly access insecure third-party libraries and frameworks," Veracode's VP of Mobile, Theodora Titonis, told Salted Hash.

"Existing approaches for addressing unsafe mobile apps ­ such as manual processes - are difficult to scale because of the sheer size and constantly-changing nature of the problem. We often see mistakes from manual-only processes so pairing this with automation, including static and behavioral analysis, is always a good idea. This will also help with the turn-around time for developers who may not want to wait weeks before their app is published and producing revenue."

Another change centers on the rejection process. Google says that developers will have more insight into why apps are rejected or suspended, offering them a chance to fix the app and resubmit after running afoul of minor policy violations.

Copyright © 2015 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)