This is how Google finds and deals with malicious apps


Android has a security setting, called “Verify apps”, that regularly checks for suspicious activity on your device and scans newly installed apps to notify you about potentially harmful software. Hundreds of thousands of Android devices are scanned by Verify apps every day as part of the system's periodic checks, as well as who-knows-how-many apps installed from sources other than Google Play. But then there are the off-grid devices, those that, for one reason or another, cannot be scanned by Verify apps.

Called Dead or Insecure (DOI) devices, these Android smartphones and tablets may not be accessible by the security system for a number of reasons. For example, such a device might no longer be in use, but it could also be infected with malware that's preventing Verify apps from doing its job. Once a device becomes DOI, it can be used to identify a malicious app that was installed from an untrusted source, so that the app can be flagged appropriately.

If, for example, you install an app from an unknown source and your phone continues to periodically check in with the security system, then it is considered a “retained” device. If it doesn't, it's considered DOI. Google then uses the percentage of retained and DOI-ed devices after installing an app to calculate the probability of it being a harmful one.

The following formula is used to score an app:

  • N = Number of devices that downloaded the app.
  • x = Number of retained devices that downloaded the app.
  • p = Probability that a device downloading any app will be retained.

Apps with a low retention rate and a high number of installs are then examined further to rule out any coincidences and determine whether the app is responsible for a certain device going off the grid. Then, once a potentially harmful app has been identified, Verify apps is back at it again to wipe existing installations and prevent future ones.

Of course, as long as you install apps from the Google Play store, you have absolutely nothing to worry about. Verify apps is just a security tool that adds another layer of protection.

source: Google via Engadget
