
Sean Hollister


Senior Editor


    More From Sean Hollister

    Sean Hollister
    In court, Google Play Protect is shooting Google in the foot.

    One of the Epic expert’s biggest points is turning out to be that Google automatically scans incoming apps for malware through a feature called Google Play Protect.

    “Now the malware scanner’s going to run, and it’s going to look and see if the app you were trying to install is malicious,” Professor Mickens tells the jury.

    Mickens says it’s Google’s most important protection against bad apps.

    Judge Donato interrupts to ask: “Could all those other steps be skipped and a user go directly from ‘I’d like to install it’ to the GPP stage?”

    Mickens won’t go quite that far: “I don’t think they should be skipped.” He promises to come back to that point in a couple of slides.

    Sean Hollister
    “One thing I’ll immediately flag here: calling Wikipedia unknown is a bit weird.”

    Epic’s security expert Mickens says despite Android’s scare screens about downloading apps outside of Google Play, “your phone is also vulnerable to attack by apps in the Play Store.”

    Judge Donato interrupts: “If you’re downloading an app from the Play Store, do you see the same warning?”

    “No, you do not see this warning,” says Mickens. He continues:

    “It’s the same app, it’s just Wikipedia, it’s not like the potential nature of its maliciousness has changed... that’s a problem, and that’s why it’s important to look at these warning screens.”

    Sean Hollister
    Judge James Donato has heard far too much about the many individual steps it takes/took to sideload an app on Android.

    Epic and Epic’s expert witness have been asked to speed things along — we’ve been promised there’s a new and salient comparison coming.

    Sean Hollister
    Epic must be so happy these words just came out of its expert’s mouth:

    “We can think of the reviewing process from an app separate from the distribution process for an app.”

    That’s core to Epic’s case — it wants the court to decide that Google has one monopoly on Android app distribution, and another on in-app payments.

    Sean Hollister
    Android already has “all these mechanisms in place trying to keep the user safe,” Epic expert attests.

    James Mickens, Epic’s mobile security expert:

    Even if a user does have the misfortune to download a potentially harmful app on their phone, there are going to be all these mechanisms in place trying to keep the user safe.

    Google already has both automated and human review mechanisms on and off Play to help with this, he says.

    Yet even on Google Play, some scam apps get through.

    Sean Hollister
    This is the public Google document that Epic’s security expert keeps pointing to:

    It’s called The Android Platform Security Model, and it contains phrases that are appearing in court, like:

    Both users and developers are part of an open ecosystem that is not limited to a single application store. Central vetting of developers or registration of users is not required

    It’s a little opaque, but I think he’s saying Google knows it needs to provide security outside the Play Store, already attempts to do this, and could do more.

    Sean Hollister
    “Google will sometimes engage in contractual disincentives to prevent those stores from showing up.”

    Epic’s mobile security expert, after showing us a slide that states the Google Play Store is “Mandatory on GMS devices” whereas the Samsung Galaxy Store is merely “Possible on GMS devices.”

    Sean Hollister
    Epic’s security expert is walking through, at a high level, Google’s contracts that mandate Play Store and other app installs.

    “OEM can’t just take the GMS suite and put that on the OEM’s phone... they have to engage in contractual engagements with Google.” Those phones have to go through Google Test Suites for compliance.

    There’s also a Compatibility Definition Document and a Compatibility Test Suite to make sure phones are compliant.

    Sean Hollister
    Epic’s mobile security expert is explaining the layers of a phone.

    We’re looking at a slide titled “Android Operating System” which contains these stacked elements:

    “User Apps”

    “AOSP Middleware” and “GMS Middleware” and “OEM & SOC Middleware”

    “AOSP Kernel”

    and at the bottom, “Hardware.” The AOSP and middleware items are all within an “Operating System” bracket.

    Sean Hollister
    “The reason why an app would be malicious is not the distribution channel it came from,”

    but rather what it tries to do, says Epic’s security expert.

    He says that based on a review of Google’s source code, documents produced for the court, public statements, and academic articles, Google has “under-resourced its security monitoring of off-Play distribution channels” and “has the ability to identify and review apps at the point of installation.”

    We’ve heard Google’s security boss suggest the latter isn’t possible: “We can’t make the internet safe.”