• LWD@lemm.ee
    link
    fedilink
    arrow-up
    4
    arrow-down
    1
    ·
    9 months ago

    Is there any better anti-malware solution available to the average (read: not using F-Droid) user than the Google Play Store? If third party cookie blocking in Chrome has shown us anything, it’s that Google prefers to monopolize data collection.

    • henfredemars@infosec.pub
      link
      fedilink
      English
      arrow-up
      11
      ·
      9 months ago

      No. There is no room for anti-malware services in the Android design.

      Such software needs permissions that reach outside of the Android security model to do things like access other application data without its consent.

      Imagine for a moment that you could install anti malware with some kind of super user permission that lets the software access everything it needs to do its job. If so, malware would immediately attempt to use that feature as well, either to steal more of your data or inject itself into other applications.

      Play Services is special because it operates with much higher privileges than third party software can obtain.

      Now, in theory you can still scan applications before they are installed, but I would argue that there’s very limited value in doing so. If you’re installing software from sources you don’t trust, you have bigger problems. You can’t rely on a signature matching engine to detect malware in the general case.