Phone AV

<u7jgb2$23thu$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=42146&group=comp.mobile.android#42146

 by: Ed Cryer - Thu, 29 Jun 2023 08:44 UTC

For the last 3+ years I've run Bitdefender daily on my phone. It's never
reported a single hit; not a one in more than (3x365 =) 1,095 runs.
Has anyone ever found any malware? Which AV app were you using?

Ed

Re: Phone AV

<dFbnM.351491$cPO1.102295@fx10.ams4>

https://www.novabbs.com/computers/article-flat.php?id=42147&group=comp.mobile.android#42147

 by: richneptune - Thu, 29 Jun 2023 08:54 UTC

On 2023-06-29, our chum 'Ed Cryer' wrote:
> Has anyone ever found any malware? Which AV app were you using?

Play Protect is built into most Android installs and pretty much works
like a third party malware scan. I'd say that because it's baked in,
Google likely have the biggest collection of malware as they're
sourcing it from the whole install base. I've never had it flag up an
app, and I suspect that's because most stuff that makes it onto the
Play store is likely safe.

Unless you like downloading stuff from dark corners of the internets, a
third party malware app is pretty much going to be redundant.

Re: Phone AV

<kg50n1Fer8fU2@mid.individual.net>

https://www.novabbs.com/computers/article-flat.php?id=42148&group=comp.mobile.android#42148

 by: Andy Burns - Thu, 29 Jun 2023 09:20 UTC

Ed Cryer wrote:

> For the last 3+ years I've run Bitdefender daily on my phone.

No app that runs on the phone is allowed to even see the files belonging
to another app (individual linux file system and linux user per app) so
android AV is largely theatre.

Re: Phone AV

<u7jm3p$1sela$1@solani.org>

https://www.novabbs.com/computers/article-flat.php?id=42150&group=comp.mobile.android#42150

 by: Joerg Lorenz - Thu, 29 Jun 2023 10:23 UTC

On 29.06.23 at 10:44, Ed Cryer wrote:
> For the last 3+ years I've run Bitdefender daily on my phone. It's never
> reported a single hit; not a one in more than (3x365 =) 1,095 runs.
> Has anyone ever found any malware? Which AV app were you using?

None. It does not make sense at all.

--
Gutta cavat lapidem (Ovid)

Re: Phone AV

<u7jm5e$1sela$2@solani.org>

https://www.novabbs.com/computers/article-flat.php?id=42151&group=comp.mobile.android#42151

 by: Joerg Lorenz - Thu, 29 Jun 2023 10:24 UTC

On 29.06.23 at 11:20, Andy Burns wrote:
> Ed Cryer wrote:
>
>> For the last 3+ years I've run Bitdefender daily on my phone.
>
> No app that runs on the phone is allowed to even see the files belonging
> to another app (individual linux file system and linux user per app) so
> android AV is largely theatre.

Money for nothing ...

--
Gutta cavat lapidem (Ovid)

Re: Phone AV

<bozg02jlzdgn$.dlg@v.nguard.lh>

https://www.novabbs.com/computers/article-flat.php?id=42175&group=comp.mobile.android#42175

 by: VanguardLH - Thu, 29 Jun 2023 21:15 UTC

Andy Burns <usenet@andyburns.uk> wrote:

> Ed Cryer wrote:
>
>> For the last 3+ years I've run Bitdefender daily on my phone.
>
> No app that runs on the phone is allowed to even see the files belonging
> to another app (individual linux file system and linux user per app) so
> android AV is largely theatre.

Mobile AVs don't have an on-access (real-time) scanner. The best they
can do is use triggers to initiate a scan, like when installing an app.
Well, checking if a newly installed app is malicious is still some
malware coverage. Else, they are denigrated to an on-demand scanner
that walks through the file system, but even that's some malware
coverage.

The mobile AV app should ask for your permission to make it a phone
administrator (aka device administrator). For example, for an app that
wants to prevent misuse of your phone and locate it, like Google's Find
My Device, it requests permissions to erase all data (you can remotely
erase your phone to prevent data theft when the phone is stolen), change
the screen-unlock password (so a thief that knows your current unlock
password still gets locked out with a new password you issue remotely),
lock the screen (some users set very long lockout timeouts), and other
features to prevent misuse of a stolen phone, or to find your phone.
When I used to have Sophos InterceptX on my phone, it requested admin
privs to perform all its security tasks. Many AVs incorporate the same
features: lock the phone remotely, erase the phone remotely, locate the
phone, trigger on app installs to scan its files, and more. They need
to be granted privileges of a phone administrator; else, most of their
features are lost. In fact, you may not be able to uninstall the AV app
until you remove them as a phone administrator; i.e., first deactivate
their phone administrator status, then uninstall their AV app.

Re: Phone AV

<u7l9r2$2a4un$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=42183&group=comp.mobile.android#42183

 by: Incubus - Fri, 30 Jun 2023 01:06 UTC

On 2023-06-29, Andy Burns <usenet@andyburns.uk> wrote:
>> For the last 3+ years I've run Bitdefender daily on my phone.
>
> No app that runs on the phone is allowed to even see the files belonging
> to another app (individual linux file system and linux user per app) so
> android AV is largely theatre.

Google claims over a hundred billion (yes, more than a hundred billion!)
scans every single day on Android phones using AV heuristics to seek out
installed malware applications.

Obviously they're scanning something - so what are you saying is the case
in light of the fact that Google Play Protect is already scanning devices?

https://developers.google.com/android/play-protect
"Google Play Protect scans 125 billion apps daily to make sure that
everything remains spot on. That way, no matter where you download an app
from, you know it's been checked by Google Play Protect."

Re: Phone AV

<u7lael$2a6sn$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=42184&group=comp.mobile.android#42184

 by: RJH - Fri, 30 Jun 2023 01:17 UTC

On 29 Jun 2023 at 10:15:54 PM, VanguardLH <V@nguard.LH> wrote:

> Mobile AVs don't have an on-access (real-time) scanner.

Every day, the default Android scanner checks all apps, so it's not just
real-time scanning upon the installation of the apps which is occurring.
https://support.google.com/googleplay/answer/2812853?hl=en

> The best they can do is use triggers to initiate a scan,
> like when installing an app.

The default Android scanner can also "deactivate & remove" apps.
https://support.google.com/googleplay/answer/2812853?hl=en

> Well, checking if a newly installed app is malicious is still some
> malware coverage. Else, they are denigrated to an on-demand scanner
> that walks through the file system, but even that's some malware
> coverage.

See above. The default Android scanner runs once a day, whether or not you
are using the phone and whether or not you recently installed any apps.

This Tom's Guide implies that the default scanner looks for viruses too.
https://www.tomsguide.com/reviews/google-play-protect

Take a look at that article and see if it changes your opinion above.
--
Cheers, Rob

Re: Phone AV

<1kbc7nx609oul.dlg@v.nguard.lh>

https://www.novabbs.com/computers/article-flat.php?id=42193&group=comp.mobile.android#42193

 by: VanguardLH - Fri, 30 Jun 2023 04:12 UTC

RJH <patchmoney@gmx.com> wrote:

> On 29 Jun 2023 at 10:15:54 PM, VanguardLH <V@nguard.LH> wrote:
>
>> Mobile AVs don't have an on-access (real-time) scanner.
>
> Every day, the default Android scanner checks all apps, so it's not just
> real-time scanning upon the installation of the apps which is occurring.
> https://support.google.com/googleplay/answer/2812853?hl=en

None of that qualifies as an on-demand (real-time) scanner. The Protect
feature of the Play Store app checks what apps you have installed
against a blacklist.

- It runs a safety check on apps from the Google Play Store before you
  download them.
    Yep, a blacklist.
- It checks your device for potentially harmful apps from other sources.
  These harmful apps are sometimes called malware.
    Yep, a blacklist.
- It warns you about potentially harmful apps.
    Yep, a blacklist.
- It may deactivate or remove harmful apps from your device.
    This catches some users by surprise. They were using an app, and it
    disappeared, because Google got around to blacklisting it, and the
    Play Store app then complied with Google's blacklist.
- It warns you about detected apps that violate our Unwanted Software
  Policy by hiding or misrepresenting important information.
    Where do you think that policy is enforced? Up on the server, and
    Play Store app warns you.
- It sends you privacy alerts about apps that can get user permissions
  to access your personal information, violating our Developer Policy.
    Again, a blacklist that warns you about Google's concerns with apps.
- It may reset app permissions to protect your privacy on certain
  Android versions.
    It also monitors how long since you last used an app, and will
    "archive" it. The latest versions of Android have a setting to
    override this auto-archiving. Took a while, but it eventually got
    pushed to earlier versions of Android (Play Store app, settings ->
    General -> Automatically archive apps). Before the setting got added,
    you had to keep answering No to the archive prompt. Archiving the app
    meant it lost its permissions. You had to guess which ones to
    reactivate when reenabling the app.

None of that equates to an on-demand AV scanner. It is, however, some
protection by regulating which apps you can download and install, or
even keep.

>> The best they can do is use triggers to initiate a scan,
>> like when installing an app.
>
> The default Android scanner can also "deactivate & remove" apps.
> https://support.google.com/googleplay/answer/2812853?hl=en

I was speaking about AV apps, not the Play Store's Protect feature, not
it checking a blacklist to see which to delete.

>> Well, checking if a newly installed app is malicious is still some
>> malware coverage. Else, they are denigrated to an on-demand scanner
>> that walks through the file system, but even that's some malware
>> coverage.
>
> See above. The default Android scanner runs once a day, whether or not you
> are using the phone and whether or not you recently installed any apps.
>
> This Tom's Guide implies that the default scanner looks for viruses too.
> https://www.tomsguide.com/reviews/google-play-protect

Stop calling it the default scanner. It doesn't scan. Looking at the
list of apps installed on a phone is not scanning it for malware.
That's like saying File Explorer in Windows is the default scanner
because it can look at filenames.

> Take a look at that article and see if it changes your opinion above.

Nope. Monitoring and managing app installations is nowhere near the same as
an on-demand AV scanner. Someone at Google deciding an app is bad, and
the Play Store complying with the red/green list, is not the same as an
on-demand AV scanner that locally checks the contents of the files for
the apps.

"Google Play Protect may be free, but it’s not as effective mobile
security as some third-party options."

This is very similar to enterprise inventory software that decides what
can be installed on a company's workstations. A client runs on the
workstation to monitor what got installed on it, and checks with the
server if those are allowable programs. That's not AV detection.
That's software inventorying.

If you look at the Play Store Protect settings, you'll realize that it
also incorporates cloud scanning by sending unknown apps to Google to get
analyzed. The Play Store app isn't making the decision. Someone up at
Google decides, and the blacklist may get updated.

I'll grant that Play Store Protect does offer some anti-malware
protection, but is nothing like AV on-demand scanning (which you get on
desktops, not with AVs on Android). Yes, I have left Play Store Protect
enabled, but I don't confuse it with AV programs that run on desktops.
AV apps on Android do little more than Play Store Protect, and why many
users pooh-pooh their use. Many have additional features, but many of
those are duplicated by Google's Find My Device. Between Play Store
Protect and Find My Device, there's little left of the pie for AV apps
to chew on. They instead look at other protections, like web filtering
(identify malicious pages from a DNSBL), lint checker (on hyperlinks),
app blocking (decide which apps can run), wi-fi network security flaws,
privacy advisor (list of known apps with questionable access to your
personal data), add a password vault (e.g., KeePass compatible),
authenticators (used to assist 2FA, TOTP, and HOTP), remote device
management (so companies can control the mobile devices given to their
employees). So, they add more protections, but none of them equate to
an on-demand AV scanner you get on a desktop.
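
The distinction drawn in the post above, between checking the installed-app inventory against a verdict list and locally reading file contents for known patterns, sketched as an added example. It is not part of the original thread and does not describe how Play Protect or any AV product is implemented; the package names, verdict list and byte marker are all constructed.

```python
from dataclasses import dataclass, field

# Constructed stand-in for a byte signature: a harmless marker string,
# playing the role a detection pattern would play in a content scanner.
SIGNATURES = {"Test.Marker.A": b"CONSTRUCTED-TEST-MARKER-0001"}

# Constructed verdict list keyed by package name (the "blacklist" of the post).
BLOCKLIST = {"com.example.badtorch", "com.example.adspam"}


@dataclass
class InstalledApp:
    package: str
    files: dict = field(default_factory=dict)  # path -> file bytes


# Constructed device inventory.
SAMPLE_APPS = [
    InstalledApp("com.example.notes", {"classes.dex": b"note taking code"}),
    # On the verdict list AND carries the marker.
    InstalledApp("com.example.badtorch", {
        "classes.dex": b"torch ui",
        "assets/blob.bin": b"\x00\x01CONSTRUCTED-TEST-MARKER-0001\x02",
    }),
    # Same marker, but this package name is not on the verdict list.
    InstalledApp("com.example.torchplus", {
        "classes.dex": b"torch ui v2",
        "assets/data.bin": b"pad CONSTRUCTED-TEST-MARKER-0001 pad",
    }),
    # On the verdict list for policy reasons; no known byte pattern inside.
    InstalledApp("com.example.adspam", {"classes.dex": b"aggressive ad sdk"}),
]


def inventory_check(apps, blocklist):
    """Compare the list of installed packages with a verdict list.

    Only package identities are consulted; file contents are never read.
    """
    return sorted(a.package for a in apps if a.package in blocklist)


def content_scan(apps, signatures):
    """Read every file of every app and search it for known byte patterns.

    Assumes the scanner is able to read those files, which is the desktop
    situation the post describes.
    """
    hits = {}
    for app in apps:
        for path, data in app.files.items():
            for name, pattern in signatures.items():
                if pattern in data:
                    hits.setdefault(app.package, []).append((path, name))
    return hits


def compare(apps, blocklist, signatures):
    """Show which packages each approach flags and where coverage differs."""
    listed = set(inventory_check(apps, blocklist))
    matched = set(content_scan(apps, signatures))
    return {
        "both": sorted(listed & matched),
        "inventory_only": sorted(listed - matched),
        "content_only": sorted(matched - listed),
    }


if __name__ == "__main__":
    for kind, packages in compare(SAMPLE_APPS, BLOCKLIST, SIGNATURES).items():
        print(f"{kind}: {packages}")
```

The two checks disagree in both directions on the sample data, which is why the post treats them as different kinds of coverage rather than one replacing the other.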

Re: Phone AV

<kg7hnuFqq52U1@mid.individual.net>

https://www.novabbs.com/computers/article-flat.php?id=42198&group=comp.mobile.android#42198

 by: Andy Burns - Fri, 30 Jun 2023 08:23 UTC

Incubus wrote:

> Andy Burns wrote:
>
>> No app that runs on the phone is allowed to even see the files
>> belonging to another app (individual linux file system and linux user
>> per app) so android AV is largely theatre.
>
> Google claims over a hundred billions

As part of the O/S, Google can run stuff as root, which an app (on a
non-rooted device) cannot do.

Re: Phone AV

<u7m8qh$2grcf$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=42201&group=comp.mobile.android#42201

 by: Incubus - Fri, 30 Jun 2023 09:55 UTC

On 2023-06-30, Andy Burns <usenet@andyburns.uk> wrote:
>>> No app that runs on the phone is allowed to even see the files
>>> belonging to another app (individual linux file system and linux user
>>> per app) so android AV is largely theatre.
>>
>> Google claims over a hundred billions
>
> As part of the O/S, google can run stuff as root, which an app (on a
> non-rooted device) cannot do.

Isn't the Google Play Store just another app?

Why then can the Google Play Protect (whose settings are inside the Google
Play Store app) "run stuff as root", but something like Samsung Knox can't?

Re: Phone AV

<u7mc80$2h6h6$1@dont-email.me>

https://www.novabbs.com/computers/article-flat.php?id=42204&group=comp.mobile.android#42204

 by: RJH - Fri, 30 Jun 2023 10:54 UTC

On 30 Jun 2023 at 5:12:06 AM, VanguardLH <V@nguard.LH> wrote:

>> Every day, the default Android scanner checks all apps, so it's not just
>> real-time scanning upon the installation of the apps which is occurring.
>> https://support.google.com/googleplay/answer/2812853?hl=en
>
> None of that qualifies as an on-demand (real-time) scanner. The Protect
> feature of the Play Store app is check what apps you have installed
> against a blacklist.

While I'm sure once Google Play Protect scans find a bad apple they add it
to a blacklist, the Google description specifically says it uses complex
heuristics (just like any AV scanner would do) and not just a blacklist.

"Play Protect leverages Google's powerful machine learning algorithms to
combat PHAs. Google's systems learn which apps are harmful and which are
safe by analyzing our entire app database. The algorithms look at hundreds
of signals and compare behavior across the Android ecosystem to see if any
apps show suspicious behavior, such as interacting with other apps on the
device in unexpected ways, accessing or sharing personal data without
authorization, aggressively installing apps (including PHAs), accessing
malicious websites, or bypassing built-in security features. These
algorithms also help us understand where PHAs come from and how they make
money, so we can determine the motivation behind these types of apps."
https://developers.google.com/android/play-protect/cloud-based-protections

> - It runs a safety check on apps from the Google Play Store before you
> download them.
> Yep, a blacklist.

No. You don't fundamentally understand Google Play Protect, probably
because you've convinced yourself that it's nothing more than a blacklist.

"Backed by Google's machine learning, it's always adapting and improving.
Every day, Google Play Protect automatically scans all of the apps on
Android phones and works to prevent the installation of harmful apps,
making it the most widely deployed mobile threat protection service in the
world." https://developers.google.com/android/play-protect

> - It checks your device for potentially harmful apps from other sources.
> These harmful apps are sometimes called malware.
> Yep, a blacklist.

No. Not a blacklist. You have to understand what Google says it does versus
what you think Google does as it's way more sophisticated than a blacklist.
https://www.howtogeek.com/355504/what-is-google-play-protect-and-how-does-it-keep-android-secure/

Saying the most sophisticated anti virus protection available to consumers
is a blacklist is like saying a slingshot will do what a space rocket does.

It's clear you fundamentally don't understand how sophisticated AV
heuristics work when it comes to intense deep scanning on the device of
not only every installed app but even the memory that it's running inside.

> - It warns you about potentially harmful apps.
> Yep, a blacklist.

If you think the most sophisticated anti virus protection in the world is
nothing more than a blacklist, then you can't be convinced otherwise.

> - It may deactivate or remove harmful apps from your device.
> This catches some users by surprise. They were using an app, and it
> disappeared, because Google got around to blacklisting it, and the
> Play Store app then complied with Google's blacklist.

This happened once out of billions upon billions upon billions of apps.
And you're worried about that?

You may as well be worried about an asteroid landing on your own home.
Seriously. Only you would complain about a one-in-billions chance.

Do you play the lottery? You must. People like you always do.

I suspect you put thousands of dollars into the lottery every day since you
don't seem to be able to comprehend what it means to be one in a billion.

> - It warns you about detected apps that violate our Unwanted Software
> Policy by hiding or misrepresenting important information.
> Where do you think that policy is enforced? Up on the server, and
> Play Store app warns you.

Google Play Protect runs those safety checks whether or not you download
the app from the Google Play Store or from any developer web site also.

It even runs those safety checks if you install from your own hard drives.
https://www.rd.com/article/google-play-protect/

> - It sends you privacy alerts about apps that can get user permissions
> to access your personal information, violating our Developer Policy.
> Again, a blacklist that warns you about Google's concerns with apps.

"Google Play Protect is now using a new "Protected Download" API to verify
the integrity of models and heuristics downloaded onto devices, ensuring
malware authors haven't tampered with them."
https://www.reddit.com/r/Android/comments/1195hvn/mishaal_rahman_google_play_protect_is_now_using_a/

> - It may reset app permissions to protect your privacy on certain
> Android versions.
> It also monitors how long since you last used an app, and will
> "archive" it. The latest versions of Android has a setting to
> override this auto-archiving. Took awhile, but it eventually got
> pushed to earlier versions of Android (Play Store app, settings ->
> General -> Automatically archive apps). Before the setting got added,
> you had to keep answering No to the archive prompt. Archiving the app
> meant it lost its permissions. You had to guess which ones to
> reactivate when reenabling the app.

"There's one detail rarely mentioned about Google's splashy new Android
security effort-and it's a critical point for everyone to understand."
https://www.computerworld.com/article/3210587/google-play-protect-android.html
"1. It scans Play Store apps for any signs of malware.

An essential measure, to be sure - and one Google's been doing in this same
basic manner since 2012.

2. It monitors apps on your device for any signs of shady behavior.

Google also introduced this in 2012 (and then launched it more broadly in
2013) with the initial goal of addressing apps installed from unofficial,
non-Play Store sources. It expanded the system in 2014 to include
continuous monitoring of all apps on all devices.

3. It allows you to remotely locate, lock and optionally wipe your device.

A handy and highly useful function that-yup, you guessed it-has been
natively available in Android since 2013.

4. It warns you about websites that might serve up malware or try to trick
you into providing personal information."

> None of that equates to an on-demand AV scanner. It is, however, some
> protection by regulating which apps you can download and install, or
> even keep.

You fundamentally have no idea of what you're talking about if you think
none of those scans are happening in a way you term "on demand" scanning.

"On-demand PHA scan
In addition to a lightweight, daily, automatic scan, users can start a
full-device scan at any time. Upon request, the device contacts Google
servers for the latest information and scans all apps on the device. If a
harmful app is discovered, Google Play Protect notifies the user to take
action or takes action on their behalf. This visibility gives users peace
of mind that they have the latest protection at all times."
https://developers.google.com/android/play-protect/client-protections

>>> The best they can do is use triggers to initiate a scan,
>>> like when installing an app.
>>
>> The default Android scanner can also "deactivate & remove" apps.
>> https://support.google.com/googleplay/answer/2812853?hl=en
>
> I was speaking about AV apps, not the Play Store's Protect feature, not
> it checking a blacklist to see which to delete.

That you equate the most complicated scanner on earth to a blacklist is
something that nobody is going to get out of your head no matter how many
references show that a blacklist is the least of what any AV program does.

"It's more than a malware scanner."
https://www.androidcentral.com/apps-software/what-is-google-play-protect
"Most people who have heard of Google Play Protect think of it as a great
malware scanner for Android apps. It is, but it encompasses a lot more than
that. It's a full suite of protective services for your Android phone."


>>> Well, checking if a newly installed app is malicious is still some
>>> malware coverage. Else, they are denigrated to an on-demand scanner
>>> that walks through the file system, but even that's some malware
>>> coverage.
>>
>> See above. The default Android scanner runs once a day, whether or not you
>> are using the phone and whether or not you recently installed any apps.
>>
>> This Tom's Guide implies that the default scanner looks for viruses too.
>> https://www.tomsguide.com/reviews/google-play-protect
>
> Stop calling it the default scanner. It doesn't scan. Looking at the
> list of apps installed on a phone is not scanning it for malware.
> That's like saying File Explorer in Windows is the default scanner
> because it can look at filenames.


Re: Phone AV

<Mhn*Mf7jz@news.chiark.greenend.org.uk>

https://www.novabbs.com/computers/article-flat.php?id=42207&group=comp.mobile.android#42207

Path: i2pn2.org!i2pn.org!news.nntp4.net!nntp.terraraq.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!.POSTED.chiark.greenend.org.uk!not-for-mail
From: theom+n...@chiark.greenend.org.uk (Theo)
Newsgroups: comp.mobile.android
Subject: Re: Phone AV
Date: 30 Jun 2023 13:07:54 +0100 (BST)
Organization: University of Cambridge, England
Message-ID: <Mhn*Mf7jz@news.chiark.greenend.org.uk>
References: <u7jgb2$23thu$1@dont-email.me> <kg50n1Fer8fU2@mid.individual.net> <u7l9r2$2a4un$1@dont-email.me> <kg7hnuFqq52U1@mid.individual.net> <u7m8qh$2grcf$1@dont-email.me>
Injection-Info: chiark.greenend.org.uk; posting-host="chiark.greenend.org.uk:212.13.197.229";
logging-data="13760"; mail-complaints-to="abuse@chiark.greenend.org.uk"
User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (Linux/5.10.0-22-amd64 (x86_64))
Originator: theom@chiark.greenend.org.uk ([212.13.197.229])
 by: Theo - Fri, 30 Jun 2023 12:07 UTC

Incubus <u9536612@gmail.com> wrote:
> On 2023-06-30, Andy Burns <usenet@andyburns.uk> wrote:
> >>> No app that runs on the phone is allowed to even see the files
> >>> belonging to another app (individual linux file system and linux user
> >>> per app) so android AV is largely theatre.
> >>
> >> Google claims over a hundred billions
> >
> > As part of the O/S, google can run stuff as root, which an app (on a
> > non-rooted device) cannot do.
>
> Isn't the Google Play Store just another app?

No.

> Why then can the Google Play Protect (whose settings are inside the Google
> Play Store app) "run stuff as root", but something like Samsung Knox can't?

Google Play Services runs with system privilege, which other apps don't.

I assume Knox also runs with system privilege, since it's part of Samsung's
OS.

J. Random Antivirus does not run with system privilege, even if it asks for
it, because user-installed apps can't get system privilege (unless the phone
is rooted).

Theo

Re: Phone AV

<u7mhhb$1vf94$1@solani.org>

https://www.novabbs.com/computers/article-flat.php?id=42208&group=comp.mobile.android#42208

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: mo0...@posteo.de (Marco Moock)
Newsgroups: comp.mobile.android
Subject: Re: Phone AV
Date: Fri, 30 Jun 2023 14:24:47 +0200
Message-ID: <u7mhhb$1vf94$1@solani.org>
References: <u7jgb2$23thu$1@dont-email.me> <kg50n1Fer8fU2@mid.individual.net> <u7l9r2$2a4un$1@dont-email.me> <kg7hnuFqq52U1@mid.individual.net> <u7m8qh$2grcf$1@dont-email.me> <Mhn*Mf7jz@news.chiark.greenend.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 30 Jun 2023 12:24:12 -0000 (UTC)
Injection-Info: solani.org;
logging-data="2080036"; mail-complaints-to="abuse@news.solani.org"
Cancel-Lock: sha1:j+kZG82b8wpEdoSm41qzocDHLKQ=
X-User-ID: eJwFwYEBwCAIA7CXQGiFc7ST/09YgqBTOwkmBhNuVdH3LW8T97c6F7xm9A5Vn1uGWI+7ZW046h6/QNjV3B8vmRUN
 by: Marco Moock - Fri, 30 Jun 2023 12:24 UTC

On 30.06.2023 at 14:07:54, Theo wrote:

> I assume Knox also runs with system privilege, since it's part of Samsung's
> OS.

I have a pixel. Not a Samsung. What does Knox do that the pixel doesn't do?

Re: Phone AV

<u7n0uj$1vobg$2@solani.org>

https://www.novabbs.com/computers/article-flat.php?id=42219&group=comp.mobile.android#42219

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: hugyb...@gmx.ch (Joerg Lorenz)
Newsgroups: comp.mobile.android
Subject: Re: Phone AV
Date: Fri, 30 Jun 2023 18:47:15 +0200
Organization: Camembert Normand au Lait Cru
Message-ID: <u7n0uj$1vobg$2@solani.org>
References: <u7jgb2$23thu$1@dont-email.me> <kg50n1Fer8fU2@mid.individual.net>
<u7l9r2$2a4un$1@dont-email.me> <kg7hnuFqq52U1@mid.individual.net>
<u7m8qh$2grcf$1@dont-email.me> <Mhn*Mf7jz@news.chiark.greenend.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 30 Jun 2023 16:47:15 -0000 (UTC)
Injection-Info: solani.org;
logging-data="2089328"; mail-complaints-to="abuse@news.solani.org"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0)
Gecko/20100101 Thunderbird/102.12.0
Cancel-Lock: sha1:edhpWigtpG7/sQY+iTr4+tmy/2c=
X-User-ID: eJwFwYEBwCAIA7CXhFHAc2ax/59ggi8tWZHIgCB6eI+FrP2AVaoN4sy0bvkfxgP12tPrjvgAHF0Rog==
Content-Language: de-CH
In-Reply-To: <Mhn*Mf7jz@news.chiark.greenend.org.uk>
 by: Joerg Lorenz - Fri, 30 Jun 2023 16:47 UTC

On 30.06.23 at 14:07, Theo wrote:
> Incubus <u9536612@gmail.com> wrote:
>> On 2023-06-30, Andy Burns <usenet@andyburns.uk> wrote:
>>>>> No app that runs on the phone is allowed to even see the files
>>>>> belonging to another app (individual linux file system and linux user
>>>>> per app) so android AV is largely theatre.
>>>>
>>>> Google claims over a hundred billions
>>>
>>> As part of the O/S, google can run stuff as root, which an app (on a
>>> non-rooted device) cannot do.
>>
>> Isn't the Google Play Store just another app?
>
> No.
>
>> Why then can the Google Play Protect (whose settings are inside the Google
>> Play Store app) "run stuff as root", but something like Samsung Knox can't?
>
> Google Play Services runs with system privilege, which other apps don't.
>
> I assume Knox also runs with system privilege, since it's part of Samsung's
> OS.

Samsung does not have an OS. It is just Android.

--
Prudentia potentia est

Re: Phone AV

<u7n10k$1vobg$3@solani.org>

https://www.novabbs.com/computers/article-flat.php?id=42220&group=comp.mobile.android#42220

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: hugyb...@gmx.ch (Joerg Lorenz)
Newsgroups: comp.mobile.android
Subject: Re: Phone AV
Date: Fri, 30 Jun 2023 18:48:20 +0200
Organization: Camembert Normand au Lait Cru
Message-ID: <u7n10k$1vobg$3@solani.org>
References: <u7jgb2$23thu$1@dont-email.me> <kg50n1Fer8fU2@mid.individual.net>
<u7l9r2$2a4un$1@dont-email.me> <kg7hnuFqq52U1@mid.individual.net>
<u7m8qh$2grcf$1@dont-email.me> <Mhn*Mf7jz@news.chiark.greenend.org.uk>
<u7mhhb$1vf94$1@solani.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 30 Jun 2023 16:48:20 -0000 (UTC)
Injection-Info: solani.org;
logging-data="2089328"; mail-complaints-to="abuse@news.solani.org"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0)
Gecko/20100101 Thunderbird/102.12.0
Cancel-Lock: sha1:buP+s2uSENPTpX+WRrQMOG/dijM=
Content-Language: de-CH
X-User-ID: eJwFwQcBACAIBMBKCDwjjjL6R/AOYsfK1WCKxfqwgHSI31PkUITsSkxyEqOONF9Et1tx3v0IcBCq
In-Reply-To: <u7mhhb$1vf94$1@solani.org>
 by: Joerg Lorenz - Fri, 30 Jun 2023 16:48 UTC

On 30.06.23 at 14:24, Marco Moock wrote:
> On 30.06.2023 at 14:07:54, Theo wrote:
>
>> I assume Knox also runs with system privilege, since it's part of Samsung's
>> OS.
>
> I have a pixel. Not a Samsung. What does Knox do that the pixel doesn't do?

Knox is software. Pixel is hardware.

--
Prudentia potentia est

Re: Phone AV

<wi5o6rpyewnz.dlg@v.nguard.lh>

https://www.novabbs.com/computers/article-flat.php?id=42232&group=comp.mobile.android#42232

Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: V...@nguard.LH (VanguardLH)
Newsgroups: comp.mobile.android
Subject: Re: Phone AV
Date: Fri, 30 Jun 2023 14:06:17 -0500
Organization: Usenet Elder
Lines: 255
Sender: V@nguard.LH
Message-ID: <wi5o6rpyewnz.dlg@v.nguard.lh>
References: <u7jgb2$23thu$1@dont-email.me> <kg50n1Fer8fU2@mid.individual.net> <bozg02jlzdgn$.dlg@v.nguard.lh> <u7lael$2a6sn$1@dont-email.me> <1kbc7nx609oul.dlg@v.nguard.lh> <u7mc80$2h6h6$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net 4C2aPN336o5FsYiIn54O2AdSpQCV4TAX2LXGnZmF++QguYJQao
Keywords: VanguardLH,VLH
Cancel-Lock: sha1:hxsCxtXiHbxRFO93ntFmjYaozQY=
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Fri, 30 Jun 2023 19:06 UTC

RJH <patchmoney@gmx.com> wrote:

> On 30 Jun 2023 at 5:12:06 AM, VanguardLH <V@nguard.LH> wrote:
>
>>> Every day, the default Android scanner checks all apps, so it's not just
>>> real-time scanning upon the installation of the apps which is occurring.
>>> https://support.google.com/googleplay/answer/2812853?hl=en
>>
>> None of that qualifies as an on-demand (real-time) scanner. The Protect
>> feature of the Play Store app is checking what apps you have installed
>> against a blacklist.
>
> While I'm sure once Google Play Protect scans find a bad apple they add it
> to a blacklist, the Google description specifically says it uses complex
> heuristics (just like any AV scanner would do) and not just a blacklist.
>
> "Play Protect leverages Google's powerful machine learning algorithms to
> combat PHAs. Google's systems learn which apps are harmful and which are
> safe by analyzing our entire app database. The algorithms look at hundreds
> of signals and compare behavior across the Android ecosystem to see if any
> apps show suspicious behavior, such as interacting with other apps on the
> device in unexpected ways, accessing or sharing personal data without
> authorization, aggressively installing apps (including PHAs), accessing
> malicious websites, or bypassing built-in security features. These
> algorithms also help us understand where PHAs come from and how they make
> money, so we can determine the motivation behind these types of apps."
> https://developers.google.com/android/play-protect/cloud-based-protections
>
>> - It runs a safety check on apps from the Google Play Store before you
>> download them.
>> Yep, a blacklist.
>
> No. You don't fundamentally understand Google Play Protect, probably
> because you've convinced yourself that it's nothing more than a blacklist.
>
> "Backed by Google's machine learning, it's always adapting and improving.
> Every day, Google Play Protect automatically scans all of the apps on
> Android phones and works to prevent the installation of harmful apps,
> making it the most widely deployed mobile threat protection service in the
> world." https://developers.google.com/android/play-protect
>
>> - It checks your device for potentially harmful apps from other sources.
>> These harmful apps are sometimes called malware.
>> Yep, a blacklist.
>
> No. Not a blacklist. You have to understand what Google says it does versus
> what you think Google does as it's way more sophisticated than a blacklist.
> https://www.howtogeek.com/355504/what-is-google-play-protect-and-how-does-it-keep-android-secure/
>
> Saying the most sophisticated anti virus protection available to consumers
> is a blacklist is like saying a slingshot will do what a space rocket does.
>
> It's clear you fundamentally don't understand how sophisticated AV
> heuristics works when it comes to intense deep scanning on the device of
> not only every installed app but even the memory that it's running inside.
>
>> - It warns you about potentially harmful apps.
>> Yep, a blacklist.
>
> If you think the most sophisticated anti virus protection in the world is
> nothing more than a blacklist, then you can't be convinced otherwise.
>
>> - It may deactivate or remove harmful apps from your device.
>> This catches some users by surprise. They were using an app, and it
>> disappeared, because Google got around to blacklisting it, and the
>> Play Store app then complied with Google's blacklist.
>
> This happened once out of billions upon billions upon billions of apps.
> And you're worried about that?
>
> You may as well be worried about an asteroid landing on your own home.
> Seriously. Only you would complain about a one-in-billions chances.
>
> Do you play the lottery? You must. People like you always do.
>
> I suspect you put thousands of dollars into the lottery every day since you
> don't seem to be able to comprehend what it means to be one in a billion.
>
>> - It warns you about detected apps that violate our Unwanted Software
>> Policy by hiding or misrepresenting important information.
>> Where do you think that policy is enforced? Up on the server, and
>> Play Store app warns you.
>
> Google Play Protect runs those safety checks whether or not you download
> the app from the Google Play Store or from any developer web site also.
>
> It even runs those safety checks if you install from your own hard drives.
> https://www.rd.com/article/google-play-protect/
>
>> - It sends you privacy alerts about apps that can get user permissions
>> to access your personal information, violating our Developer Policy.
>> Again, a blacklist that warns you about Google's concerns with apps.
>
> "Google Play Protect is now using a new "Protected Download" API to verify
> the integrity of models and heuristics downloaded onto devices, ensuring
> malware authors haven't tampered with them."
> https://www.reddit.com/r/Android/comments/1195hvn/mishaal_rahman_google_play_protect_is_now_using_a/
>
>> - It may reset app permissions to protect your privacy on certain
>> Android versions.
>> It also monitors how long since you last used an app, and will
>> "archive" it. The latest versions of Android have a setting to
>> override this auto-archiving. Took awhile, but it eventually got
>> pushed to earlier versions of Android (Play Store app, settings ->
>> General -> Automatically archive apps). Before the setting got added,
>> you had to keep answering No to the archive prompt. Archiving the app
>> meant it lost its permissions. You had to guess which ones to
>> reactivate when reenabling the app.
>
> "There's one detail rarely mentioned about Google's splashy new Android
> security effort-and it's a critical point for everyone to understand."
> https://www.computerworld.com/article/3210587/google-play-protect-android.html
> "1. It scans Play Store apps for any signs of malware.
>
> An essential measure, to be sure-and one Google's been doing in this same
> basic manner since 2012.
>
> 2. It monitors apps on your device for any signs of shady behavior.
>
> Google also introduced this in 2012 (and then launched it more broadly in
> 2013) with the initial goal of addressing apps installed from unofficial,
> non-Play Store sources. It expanded the system in 2014 to include
> continuous monitoring of all apps on all devices.
>
> 3. It allows you to remotely locate, lock and optionally wipe your device.
>
> A handy and highly useful function that-yup, you guessed it-has been
> natively available in Android since 2013.
>
> 4. It warns you about websites that might serve up malware or try to trick
> you into providing personal information."
>
>> None of that equates to an on-demand AV scanner. It is, however, some
>> protection by regulating which apps you can download and install, or
>> even keep.
>
> You fundamentally have no idea of what you're talking about if you think
> none of those scans are happening in a way you term "on demand" scanning.
>
> "On-demand PHA scan
> In addition to a lightweight, daily, automatic scan, users can start a
> full-device scan at any time. Upon request, the device contacts Google
> servers for the latest information and scans all apps on the device. If a
> harmful app is discovered, Google Play Protect notifies the user to take
> action or takes action on their behalf. This visibility gives users peace
> of mind that they have the latest protection at all times."
> https://developers.google.com/android/play-protect/client-protections
>
>>>> The best they can do is use triggers to initiate a scan,
>>>> like when installing an app.
>>>
>>> The default Android scanner can also "deactivate & remove" apps.
>>> https://support.google.com/googleplay/answer/2812853?hl=en
>>
>> I was speaking about AV apps, not the Play Store's Protect feature, not
>> it checking a blacklist to see which to delete.
>
> That you equate the most complicated scanner on earth to a blacklist is
> something that nobody is going to get out of your head no matter how many
> references show that a blacklist is the least of what any AV program does.
>
> "It's more than a malware scanner."
> https://www.androidcentral.com/apps-software/what-is-google-play-protect
> "Most people who have heard of Google Play Protect think of it as a great
> malware scanner for Android apps. It is, but it encompasses a lot more than
> that. It's a full suite of protective services for your Android phone."
>
>
>>>> Well, checking if a newly installed app is malicious is still some
>>>> malware coverage. Else, they are denigrated to an on-demand scanner
>>>> that walks through the file system, but even that's some malware
>>>> coverage.
>>>
>>> See above. The default Android scanner runs once a day, whether or not you
>>> are using the phone and whether or not you recently installed any apps.
>>>
>>> This Tom's Guide implies that the default scanner looks for viruses too.
>>> https://www.tomsguide.com/reviews/google-play-protect
>>
>> Stop calling it the default scanner. It doesn't scan. Looking at the
>> list of apps installed on a phone is not scanning it for malware.
>> That's like saying File Explorer in Windows is the default scanner
>> because it can look at filenames.
>
> If you think Google Play Protect doesn't "scan" then no amount of
> references proving that it does scan your memory and your file system and
> all running apps will convince you that the most sophisticated scanner in
> the world is nothing more, to you, than a simple blacklist check.
>
> "Every day, Google Play Protect automatically scans all of the apps on
> Android phones and works to prevent the installation of harmful apps,
> making it the most widely deployed mobile threat protection service in the
> world." https://developers.google.com/android/play-protect
>
>>> Take a look at that article and see if it changes your opinion above.
>>
>> Nope. Monitoring and managing app installations is nowhere the same as
>> an on-demand AV scanner. Someone at Google deciding an app is bad, and
>> the Play Store complying with the red/green list, is not the same as an
>> on-demand AV scanner that locally checks the contents of the files for
>> the apps.
>>
>> "Google Play Protect may be free, but it's not as effective mobile
>> security as some third-party options."
>
> You seem to own the ideas of a very young kid who has never lived through
> the antivirus wars of the Windows era when Windows viruses were rampant.
>
> If you did live through those anti virus wars, you learned nothing from
> them as EVERY anti-virus scanner has its own flaws, pitfalls & foibles.
>
> Google Play Protect is no exception. It's just another anti virus on-demand
> automatic heuristic scanner with the main exception being it runs as root.
> https://www.lifewire.com/what-is-google-play-protect-4773171
>
>> This is very similar to enterprise inventory software that decides what
>> can be installed on a company's workstations. A client runs on the
>> workstation to monitor what got installed on it, and checks with the
>> server if those are allowable programs. That's not AV detection.
>> That's software inventorying.
>
> You fundamentally don't know how heuristic scanning works.
> If you're a young kid, then you need to read up on how these things work.
> https://www.lifewire.com/what-is-google-play-protect-4773171
>
> If you're not a kid, then you probably will never learn how they work.
> https://www.rd.com/article/google-play-protect/
>
>> If you look at the Play Store Protect settings, you'll realize that it
>> also incorporate cloud scanning by sending unknown apps to Google to get
>> analyzed. The Play Store app isn't making the decision. Someone up at
>> Google decides, and the blacklist may get updated.
>
> You fundamentally do not seem to understand that Google Play Protect does a
> LOT of things. It's MORE than just an AV scanner. And what it does is
> constantly improving over time. You don't know any of that because you have
> convinced yourself that it's nothing more than a simple blacklist test.
>
> To provide a balanced view, the OLDER Google Play Protect had huge issues.
> https://www.spiceworks.com/it-security/application-security/news/googles-built-in-defense-tool-for-android-is-actually-pointless-av-test-report/
>
> Google Play Protect used to suck. It's still not perfect.
> But neither is any other Android scanner.
>
> Here is another bad review for Google Play Protect but notice all the bad
> reviews are very old as Google Play Protect is getting better every day.
> https://www.gadgets360.com/apps/news/google-play-protect-android-malware-protection-failed-false-detection-rate-av-test-2497882


Re: Phone AV

<13pkrlklri5f6.dlg@v.nguard.lh>

https://www.novabbs.com/computers/article-flat.php?id=42234&group=comp.mobile.android#42234

Path: i2pn2.org!i2pn.org!news.swapon.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: V...@nguard.LH (VanguardLH)
Newsgroups: comp.mobile.android
Subject: Re: Phone AV
Date: Fri, 30 Jun 2023 14:21:29 -0500
Organization: Usenet Elder
Lines: 32
Sender: V@nguard.LH
Message-ID: <13pkrlklri5f6.dlg@v.nguard.lh>
References: <u7jgb2$23thu$1@dont-email.me> <kg50n1Fer8fU2@mid.individual.net> <u7l9r2$2a4un$1@dont-email.me> <kg7hnuFqq52U1@mid.individual.net> <u7m8qh$2grcf$1@dont-email.me> <Mhn*Mf7jz@news.chiark.greenend.org.uk> <u7n0uj$1vobg$2@solani.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net qdVz0hi3TydepJPT1QestAuNq/rvqesexkZqqBDmHPRUPp07MT
Keywords: VanguardLH,VLH
Cancel-Lock: sha1:+hiTXL+w9yb8tFl5Vm8c8iyMBSM=
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Fri, 30 Jun 2023 19:21 UTC

Joerg Lorenz <hugybear@gmx.ch> wrote:

> Samsung does not have an OS. It is just Android.

Just like Google Chrome is a Chromium variant, but with proprietary code
added from Google. As far as I know, Pixel and a few others come with a
stock Android OS. About as pure as you can get. Other phone makers
brand their customized version of Android with separate or different
features or functions. Saying Samsung's variant of Android is just
Android is like saying SUSE is just Redhat.

Google is trying to alleviate the customization effort a phone maker
puts into branding their OS variant. Before Google gave them the code,
and the phone maker would customize it how they wanted. Google wants to
modularize their OS, so customization is separate code instead of
modifying the base code. However, phone makers still create a variant
of Android, and that means they can add or remove whatever they want.

Sorry, I forgot the name of Google's project that was supposed to
modularize Android to make it easier for phone makers to customize.
However, that phone makers customize mandates that they are not
supplying a pure Android OS. The phone makers want to improve, they
want to brand their phones, and they have their own agenda.

For example, there's Chromium, and there's Google Chrome. One is open
source. The other is open source with added proprietary code. There's
Firefox, and there's Vivaldi. Unless you get a phone with a pure
Android (just a few of those), you get a customized version of Android.
Google has their Find My Device while Samsung instead has Find My
Mobile. Phones can come with different dialers. Each phone maker, when
customizing the Android OS, can add their own services. They have
similarity to Google's Android, and also have differences.

Re: Phone AV

<u7nc8l$1u8dh$1@solani.org>

https://www.novabbs.com/computers/article-flat.php?id=42240&group=comp.mobile.android#42240

Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: hugyb...@gmx.ch (Joerg Lorenz)
Newsgroups: comp.mobile.android
Subject: Re: Phone AV
Date: Fri, 30 Jun 2023 22:00:21 +0200
Organization: Camembert Normand au Lait Cru
Message-ID: <u7nc8l$1u8dh$1@solani.org>
References: <u7jgb2$23thu$1@dont-email.me> <kg50n1Fer8fU2@mid.individual.net>
<u7l9r2$2a4un$1@dont-email.me> <kg7hnuFqq52U1@mid.individual.net>
<u7m8qh$2grcf$1@dont-email.me> <Mhn*Mf7jz@news.chiark.greenend.org.uk>
<u7n0uj$1vobg$2@solani.org> <13pkrlklri5f6.dlg@v.nguard.lh>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 30 Jun 2023 20:00:21 -0000 (UTC)
Injection-Info: solani.org;
logging-data="2040241"; mail-complaints-to="abuse@news.solani.org"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0)
Gecko/20100101 Thunderbird/102.12.0
Cancel-Lock: sha1:pFEt/DRJakMkRMNmijle8SxrUD0=
Content-Language: de-CH
In-Reply-To: <13pkrlklri5f6.dlg@v.nguard.lh>
X-User-ID: eJwNwoERACEIA7CVBNoi48if7D+CfwlDpi8hCpzfcicxN4LuUm3rbEOa1pnq2mie4a4Li+ED9A4P7w==
 by: Joerg Lorenz - Fri, 30 Jun 2023 20:00 UTC

On 30.06.23 at 21:21, VanguardLH wrote:
> Joerg Lorenz <hugybear@gmx.ch> wrote:
>
>> Samsung does not have an OS. It is just Android.
>
> Just like Google Chrome is a Chromium variant, but with proprietary code
> added from Google. As far as I know, Pixel and a few others come with a
> stock Android OS. About as pure as you can get.

Really?
Guess what! I have a Pixel 7!

> Other phone makers
> brand their customized version of Android with separate or different
> features or functions. Saying Samsung's variant of Android is just
> Android is like saying SUSE is just Redhat.

Bullshit. Android is exactly defined.
You are really a Mr. Wisenheimer.

> Google is trying to alleviate the customization effort a phone maker
> puts into branding their OS variant. Before Google gave them the code,
> and the phone maker would customize it how they wanted. Google wants to
> modularize their OS, so customization is separate code instead of
> modifying the base code. However, phone makers still create a variant
> of Android, and that means they can add or remove whatever they want.
>
> Sorry, I forgot the name of Google's project that was supposed to
> modularize Android to make it easier for phone makers to customize.
> However, that phone makers customize mandates that they are not
> supplying a pure Android OS. The phone makers want to improve, they
> want to brand their phones, and they have their own agenda.
>
> For example, there's Chromium, and there's Google Chrome. One is open
> source. The other is open source with added proprietary code. There's
> Firefox, and there's Vivaldi. Unless you get a phone with a pure
> Android (just a few of those), you get a customized version of Android.
> Google has their Find My Device while Samsung instead has Find My
> Mobile. Phones can come with different dialers. Each phone maker, when
> customizing the Android OS, can add their own services. They have
> similarity to Google's Android, and also have differences.

Are you bored?

--
Prudentia potentia est

