This is how Google finds and deals with malicious apps
Called Dead or Insecure (DOI) devices, these Android smartphones and tablets may not be accessible to the security system for a number of reasons. For example, such a device might no longer be in use, but it could also be infected with malware that's preventing Verify apps from doing its job. Once a device becomes DOI, it can be used to identify a malicious app that was installed from an untrusted source, so the app can be flagged appropriately.
If, for example, you install an app from an unknown source and your phone continues to periodically check in with the security system, then it is considered a “retained” device. If it doesn't, it's considered DOI. Google then uses the percentage of devices that are retained or become DOI after installing an app to calculate the probability that the app is harmful.
The following formula is used to score an app:
- N = Number of devices that downloaded the app.
- x = Number of retained devices that downloaded the app.
- p = Probability that a device downloading any app will be retained.
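
The list above defines N, x and p, but the formula itself does not appear in this copy of the article. As an added example (not code from Google or from the original article), the sketch below assumes a standard binomial z-score over those three quantities to show how unusually low retention can single out an app. The function names, the threshold, the minimum install count and the sample data are all constructed for illustration.

```python
import math


def retention_z_score(n_installs, n_retained, p_baseline):
    """Standardised gap between observed and expected retained devices.

    Assumption: each installing device is an independent trial that is
    retained with probability p_baseline (normal approximation to the
    binomial). n_installs is N, n_retained is x, p_baseline is p.
    """
    if n_installs <= 0:
        raise ValueError("n_installs must be positive")
    if not 0 <= n_retained <= n_installs:
        raise ValueError("n_retained must be between 0 and n_installs")
    if not 0.0 < p_baseline < 1.0:
        raise ValueError("p_baseline must be strictly between 0 and 1")
    expected = n_installs * p_baseline
    std_dev = math.sqrt(n_installs * p_baseline * (1.0 - p_baseline))
    return (n_retained - expected) / std_dev


def triage(apps, p_baseline, z_threshold=-3.0, min_installs=100):
    """Return (name, z) for apps with anomalously low retention, worst first.

    z_threshold and min_installs are constructed values, not Google's.
    Apps with too few installs are skipped because the approximation is
    unreliable for small N.
    """
    flagged = []
    for name, n, x in apps:
        if n < min_installs:
            continue
        z = retention_z_score(n, x, p_baseline)
        if z < z_threshold:
            flagged.append((name, round(z, 2)))
    return sorted(flagged, key=lambda item: item[1])


# Constructed sample data: (app, N installs, x retained devices).
SAMPLE_APPS = [
    ("app-a", 10000, 9500),  # retention matches the baseline
    ("app-b", 10000, 9300),  # many more DOI devices than expected
    ("app-c", 40, 20),       # too few installs to judge
    ("app-d", 2000, 1890),   # slightly low, within normal variation
]

if __name__ == "__main__":
    for name, z in triage(SAMPLE_APPS, p_baseline=0.95):
        print(f"{name}: z = {z}")
```

A strongly negative score means far fewer devices stayed reachable after installing the app than the baseline predicts, which is the signal the article describes.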