- Home
- Products
- Play Protect
- Potentially Harmful Applications
Potentially Harmful Applications (PHAs) are apps that could put users, user data, or devices at risk. These apps are often generically referred to as malware. We've developed a range of categories for different types of PHAs, including trojans, phishing, and spyware apps, and we are continuously updating and adding new categories.
Potentially harmful?
There is some confusion around the ambiguity of the word potentiallywhen used to describe malicious apps. Google Play Protect removes apps that havebeen flagged as Potentially Harmful because the app does contain maliciousbehavior not because we are simply unsure if the app is harmful or not. The wordpotentially is used here because malicious apps function differently dependingon a variety of variables thus an app that is harmful to one Android devicemight not pose a risk at all to another Android device. For example, a devicerunning the latest version of Android is not affected by harmful apps which usedeprecated APIs to perform malicious behavior but a device that is still runninga very early version of Android might be at risk. Mobile billing fraud poses arisk to devices connected to service carriers but devices which only connect toWIFI are not affected by these apps.
Apps are flagged as a PHA if they clearly pose a risk to some or all Androiddevices and users.
User-wanted PHAs
Some apps that can weaken or disable Android security features aren't categorized as PHAs. These apps provide functionality that users want, such as rooting the device and other development features. Even though these apps are potentially harmful, users install them intentionally, so Google Play Protect manages them differently than other PHAs.
When a user begins to installI an app that's classified as user-wanted, Google Play Protect warns the user of the app's potential hazards just once. The user can decide whether to continue with the installation. After installation, the user-wanted classifications prevents Google Play Protect from sending additional warnings, so there's no disruption to the user experience.
Classifications
There are several categories for classifying PHAs that help Play Protect detect them and determine the right action to take. These categories include malicious apps like trojans, spyware, and phishing apps, as well as user-wanted apps. If Play Protect detects a PHA, it displays a warning. For certain malicious apps, Play Protect automatically disables or removes the app. When Play Protect detects that a PHA contains features from multiple categories, it classifies the app based on the most harmful characteristics. For example, if an app applies to both ransomware and spyware categories, the Verify Apps message identifies it as ransomware.
You can view the current PHA categories and definitions here.
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2019-11-12 UTC.
[{ "type": "thumb-down", "id": "missingTheInformationINeed", "label":"Missing the information I need" },{ "type": "thumb-down", "id": "tooComplicatedTooManySteps", "label":"Too complicated / too many steps" },{ "type": "thumb-down", "id": "outOfDate", "label":"Out of date" },{ "type": "thumb-down", "id": "samplesCodeIssue", "label":"Samples / code issue" },{ "type": "thumb-down", "id": "otherDown", "label":"Other" }] [{ "type": "thumb-up", "id": "easyToUnderstand", "label":"Easy to understand" },{ "type": "thumb-up", "id": "solvedMyProblem", "label":"Solved my problem" },{ "type": "thumb-up", "id": "otherUp", "label":"Other" }]