Yoda says
“PATIENCE YOU MUST HAVE my young padawan”
With online gaming hit Fornite set to make its debut on Android, malware writers are already playing on the game's hype to ensnare victims. Multiple reports have emerged of Android malware packages being disguised as the Epic Games multi-player battle royale-style shooting game, and experts want users to exercise caution , and …
"3/ turn off play protect"
That step is totally unnecessary.
I'm not sure exactly what "play protect" does other than report back to Google all your installed apps.
I've never seen it report anything.
In fact, if any of these so-called "antivirus" apps actually worked they would flag 90% of the apps on the Play Store.
https://www.android.com/play-protect/
It actually is necessary. It's a very effective defence, installed and running but default on the 2billion+ active Android devices, and despite what the name implies, scans apps regardless of how they were installed..
You have no credibility, as you just claimed 90% of Google play apps are malware...
"I've never seen it report anything."
How much malware have you installed???
Congratulations, you get the epic fail of the week post..
"What's this obsession with creating the website equivalent of a "Janet & John" book?
https://www.android.com/play-protect is one example, others are available.
Lots of white space, a few meaningless graphics inter-spaced with vacuous sound-bite PR text."
My point exactly!
Not much detail about an app that is installed on every single Android device.
"You have no credibility, as you just claimed 90% of Google play apps are malware...
"I've never seen it report anything."
How much malware have you installed???
Congratulations, you get the epic fail of the week post.."
In answer to your question Fred,
I have a huge collection of Android apps that are confirmed as malicious that I've pulled from third party app hosting sites and Github that I use for testing/research as well as an even larger collection of apps that are confirmed as malicious that have never been publically reported but that have been silently removed from the Play Store only to return after they've been "fixed" because the developers have too much clout with Google to be banned.
I have several Android devices used for testing as well as several Android emulators of varying builds running on virtual machines and a growing list of apps, scripts, debuggers, decompilers, bytecode readers etc.
My statement that 90% of the apps on the Play Store would get flagged is actually being far too kind.
But what I consider to be a flaggable app might not be the same as others so I will accept your position on the matter.
What I myself consider to be a red flag would be any app that asks for unneeded permissions or collects data for any other purpose that what is needed to make sure the app runs on different platforms, pushes ads from untrusted sources or does "analytics" over http, improper use of certificate pinning, injecting javascript into Webview, apps that leak memory, insecure intents on the manifest that allows malicious apps to use another apps API's etc etc etc.
But I am not the only one that questions Google's Play Protect, a quick web search first hit is:
https://thenextweb.com/google/2017/10/24/google-play-store-antivirus-fail/
Give me a list of the apps you have installed on your own Android phone Fred, I'll download them from the Play Store and run some tests. You might be surprised by my report.
No, perhaps not, but the point is, you don't just "get" malware,. You have to get around 5 hurdles to do so, which is why there is there such a huge gulf between "security researcher theoretical Android security" and reality, where malware is pretty much unheard of, despite 2billion+ active devices.
Security researchers are guilty of over exeragating threats, and applying the situation in China (where there is no Google app store), to western markerts. Websites are grateful for the clickbait, and gulible cretins are keen to lap up the fake news as it fits their agenda.