This probably won’t come as much of a surprise, but Google is scanning every single app that finds its way on to your phone, whether you downloaded it from Google Play or a third-party source.
In a security report released on Thursday, Google confirmed that it is tracking applications through a feature called Verify Apps. This system ensures that Potentially Harmful Applications (PHAs) don’t end up on your phone or tablet. PHAs are “any application that can potentially harm the user, their device, or their data,” according to Google.
“Google’s systems use machine learning to see patterns and make connections that humans would not,” Google explains. “Google Play analyzes millions of data points, asset nodes, and relationship graphs to build a high-precision security-detection system.”
Verify Apps has been active for a few years, but it was in 2014 that Google added the Safety Net, which scans all apps regardless of where they come from. Google says that full device scans run about once a week, and by the end of 2014, well over 200 million devices were being scanned every day.
As for what exactly is being collected during these scans, Google claims that the system “only collects data needed to provide and improve device security.” None of your personal or location data is tracked, but if you’re still feeling wary about Verify Apps, you can turn it off by navigating through Settings -> Security and tapping the button labeled “Scan device for security threats.”