Google Play Protect includes on-device capabilities that help keep devices and data safe. These on-device services integrate with cloud-based components that allow Google to push updates that constantly improve their functionality.
PHA scanning services
Google Play Protect leverages cloud-based app-verification services to determine if apps are Potentially Harmful Applications (PHAs). Google Play Protect scans Android devices for evidence of PHAs. It checks all apps on a device, regardless of where the app was downloaded.
Daily PHA scan
Google Play Protect scans devices once everyday. If a PHA is found, a notification asks the user to remove it. In cases where the PHA has no benefit to users, Google Play Protect can remove the PHA from affected devices and block future installs. Google Play Protect scans 125 billion apps every day. Daily scanning allows Google Play Protect to respond quickly to a detected threat, reducing how long users could be exposed to the threat and how many devices may be affected. To conserve data, these daily scans only contact Google servers to request verification when a suspected PHA is detected.
Though Google Play Protect works in the background, users can check when their device was last scanned and view the list of scanned apps in the Google Play Protect section of their Google Play app. Learn how to check your device's security status.
On-demand PHA scan
In addition to a lightweight, daily, automatic scan, users can start a full-device scan at any time. Upon request, the device contacts Google servers for the latest information and scans all apps on the device. If a harmful app is discovered, Google Play Protect notifies the user to take action or takes action on their behalf. This visibility gives users peace of mind that they have the latest protection at all times.
Offline PHA scan
PHA installations can occur when a device is offline or has lost network connectivity. To address this, Google Play Protect has offline scanning, which helps prevent well-known PHAs from being installed offline. When the device regains network connectivity, it undergoes a full scan.
Automatically disable PHAs
Some PHAs are more harmful than others and we treat them differently depending on the PHA classification. The most harmful PHAs are automatically removed from the device, while less severe PHAs are disabled. A disabled app is unusable but remains on the device, and any data associated with the app is recoverable. When an app is automatically disabled, users are notified and can make the decision to remove the app or re-enable it to make it usable again. If no action is taken, the app remains disabled.
Real-time protections for non-Play installs
Google Play Protect offers protection for apps that are installed from sources outside of Google Play. When a user tries to install an app, Play Protect conducts a real-time check of the app against known harmful or malicious samples that Google Play Protect has cataloged.. The app is also checked by on-device machine learning, similarity comparisons and other techniques to confirm if it's suspicious. If the app is identified as malicious or suspicious, we will warn users or block the installation in extreme cases.
Google Play Protect also offers new protections for emerging threats that were previously not scanned before. When Play Protect does not recognize any malicious code from the collected samples, it recommends a real-time code-level scan of the app to extract important signals for evaluation by Google. This helps combat novel malicious apps that may have been altered to avoid detection. If a user agrees to scan the app, they will upload the app data to Google for analysis. A short time later, Play Protect will let users know if the app appears safe to install or is potentially harmful.
Developers and enterprises can use the Verify Apps API to determine if a device is compatible with Google Play Protect and identify any known PHAs that are installed on the device.
You can appeal your app's removal from Google Play. We will reinstate apps in appropriate circumstances, including if an error was made and we find that your app does not violate the Google Play Developer Program Policies and Developer Distribution Agreement.
For more information see, My app has been removed from Google Play.