Google Play Protect includes on-device capabilities that help keep devices and data safe. These on-device services integrate with cloud-based components that allow Google to push updates that constantly improve their functionality.
PHA scanning services
Google Play Protect leverages cloud-based app-verification services to determine if apps are Potentially Harmful Applications (PHAs). Google Play Protect scans Android devices for evidence of PHAs.
Daily PHA scan
Google Play Protect's Verify Apps service scans devices once everyday. If a PHA is found, a notification asks the user to remove it. In cases where the PHA has no benefit to users, Google Play Protect can remove the PHA from affected devices and block future installs. Daily scanning allows Google Play Protect to respond quickly to a detected threat, reducing how long users could be exposed to the threat and how many devices may be affected. 93% of PHAs are discovered by the on-device daily scan. To conserve data, these daily scans only contact Google servers to request verification when a suspected PHA is detected.
Though Google Play Protect works in the background, users can check when their device was last scanned and view the list of scanned apps in the Google Play Protect section of their Google Play app. Learn how to check your device's security status.
On-demand PHA scan
In addition to a lightweight, daily, automatic scan, users can start a full-device scan at any time. Upon request, the device contacts Google servers for the latest information and scans all apps on the device. If a harmful app is discovered, Google Play Protect notifies the user to take action or takes action on their behalf. This visibility gives users peace of mind that they have the latest protection at all times.
Offline PHA scan
A little more than a quarter of new PHA installations occur when a device is offline or has lost network connectivity. To address this, Google Play Protect has offline scanning, which helps prevent well-known PHAs from being installed offline. When the device regains network connectivity, it undergoes a full scan.
More than 300 million PHA installs are blocked annually by Google Play Protect's offline scanning.
Automatically disable PHAs
Some PHAs are more harmful than others and we treat them differently depending on the PHA classification. The most harmful PHAs are automatically removed from the device, while less severe PHAs are disabled. A disabled app is unusable but remains on the device, and any data associated with the app is recoverable. When an app is automatically disabled, users are notified and can make the decision to remove the app or re-enable it to make it usable again. If no action is taken, the app remains disabled.
Find My Device
Find My Device helps users keep their devices secure even when the device gets lost. Users can use Find My Device to locate an Android phone, tablet, or Wear OS watch and even lock or erase the data on the device. Find My Device is enabled by default on all Android devices running Android 4.4 and higher. There are no additional installations required, simply open https://www.google.com/android/find to do any of the following:
- View the device's last known location. If the device isn't connected to the internet and can't report its current location, Find My Device displays the last known location of the device from the user's Google Maps location history. Users can also launch Maps' location timeline from the Find My Device app so they can retrace their steps.
- View the device's last connected Wi-Fi access point. Helps determine the location of a lost device even if the device can't be reached to report its location.
- View the device's battery level. Helps users estimate how much longer they can reach their phone.
- Easily manage multiple devices and only select the lost device.
- Lock the device so no one else can access it.
- Erase the device if physical recovery isn't possible, keeping their data secure.
- Play a sound from the device's speaker to help them locate it nearby.
To use Find My Device, the lost device must:
- Be turned on.
- Be signed in to a Google account.
- Be connected to mobile data or Wi-Fi.
- Be visible on Google Play.
- Have Location turned on.
- Have Find My Device turned on.
Android Wear and Google Home also support Find My Device. Users can find their watch with their phone and their phone with their watch (as long as both devices have Location enabled) or ask their Google Home to find their device by saying, "OK Google, where is my phone?"
SafetyNet allows devices to contribute security-related information to Google's cloud-based services. This can include information about security events, logs, configurations, and other security-related details.
The SafetyNet APIs allow developers to improve app security by providing a set of services that help protect apps against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users.
The Attestation API helps assess the security and compatibility of the Android environments in which your apps run. You can use this API to analyze devices that have installed your app.
To learn more about the SafetyNet Attestation API, navigate to the following links:
- Blog post: 10 things you might be doing wrong when using the SafetyNet Attestation API
- GitHub: Samples for the Google SafetyNet Attestation API
The Safe Browsing API protects users against threats by allowing apps to check URLs against lists of unsafe web resources, such as social engineering sites (phishing and deceptive sites), and sites that host PHAs or unwanted software. When users attempt to visit an unsafe web resource, their Safe Browsing-supported browser displays a warning.
Safe Browsing is an opt-in feature that developers can use to protect users from phishing and PHA host sites in the app's WebView.
Developers and enterprises can use the Verify Apps API to determine if a device is compatible with Google Play Protect and identify any known PHAs that are installed on the device. For details, see the SafetyNet Verify Apps API blog post.
PHA developer appeal
If your app was flagged by Google Play Protect as harmful, review Google's guidelines for developing mobile applications and Google's policy on unwanted software. If you believe your app is being incorrectly flagged or blocked by Google Play Protect, you can file an appeal.