When Google Play Protect fails

CERT-LatestNews ThreatsStrategic

I’ve written a lot about Android security over the years — and more often than not, it’s the same ol’ story time and time again:

A company that sells mobile security software finds some theoretical threat — something that (a) hasn’t affected any actual users in the real world and (b) couldn’t affect any actual users in the real world, outside of a highly improbable scenario in which all native security measures are disabled and the user goes out of his way to download a questionable-looking app from some shady porn forum.

Those critical points then become footnotes in a fear-inducing narrative, complete with a carefully crafted memorable name for the Big, Bad Virus™ and a strongly worded reminder about how only such-and-such security software can possibly keep you safe.

It’s an effective form of marketing — that’s for damn sure. But it’s also about as sensational as can be.