Google Introduces Panic Button to Close Malicious Apps

Malware is dangerous. Cyber criminals are now targeting all types of operating systems – Windows, Linux, iOS, and Android. Android in particular has become a very popular target due to widespread smartphone usage. There is plenty of Android malware around in different forms – viruses, trojans, worms, wipers, ransomware, and malicious apps.

There are thousands and thousands of applications that run on the Android operating system. There are apps available on the Google Play Store as well as on third-party websites. The apps available on the Google Play Store are generally considered safe, so cybersecurity experts recommend users download apps only from the Google Play Store. The chances of getting infected through malware-laced apps are considerably higher when apps are downloaded from third-party app stores.

Google has a vetting process for allowing Android apps on its store. It has defined policies, and apps have to abide by these policies if they are to be allowed. Google has also included human reviewers, who check for policy violations and malware. Considering all these security measures, the time for approval has increased from hours to days.

Malware Campaigns

In May 2017, cyber security researchers discovered a massive malware campaign on Google Play. This malware, named “Judy,” was discovered in over 40 apps, all developed by a well-known Korean company. The malicious auto-clicking adware apps had been residing on the Google Play store for many years, undetected.

Even more sophisticated apps have been discovered that have been able to bypass Google Play’s protection. Typically, a benign bridgehead app is submitted to the Play store, and as it appears safe it bypasses the scrutiny mechanisms. This app later connects to a C&C server and downloads a malicious payload that installs an ad-click malware. Analysis of suspected apps helped Google discover that over 40 apps had used the same two-stage attack vector. Google has since then removed all these apps.

The Panic Button

In an endeavor to stop malware attacks, Google has added a ‘panic button‘ feature to its Android’s 7.1 Nougat operating system.

The Purpose of the Panic button is:
To block malicious applications from screen jacking – hijacking/taking over a user’s screen, and
Overriding a malicious app’s attempt to prevent exiting from a screen

Solution: “The Panic button” – Repeatedly pressing the ‘back’ button four times will enable the user to escape from the malicious “blocking” app to the home screen of the device. This will also shut down the malicious app.

Google has introduced this feature without a major announcement. The Panic button feature is another attempt by Google to increase the security of Android devices for protection from malware.