The operating system from Google has security that can be set at your own discretion in the "Application Verification" section. Thanks to this type of security, the system regularly checks suspiciously active applications on your device and also checks newly installed "apps". If potentially harmful software appears on your phone or tablet, the operating system will notify you immediately.
However, there are those among us who have so-called dead or insecure devices (abbreviation DOI). These smartphones and tablets may not be part of the authentication (security) system for several reasons. For example, such a device cannot be used, but it can still be infected with malicious software, which then prevents applications from being authenticated. Once a device becomes part of a DOI, it can identify a malicious application that was installed from an untrusted source.
For example, if you install applications from an unknown source and the phone continues to regularly check the security system, then it is considered a so-called captured device. If it doesn't, it's a DOI. Google then uses a special formula to determine if the device is infected. This calculation is based on other DOI-ed phones or tablets.
N = number of devices that downloaded the app
X = number of stored devices that have downloaded the app
P = probability of downloaded devices keeping the app
Apps with low app retention and a high number of installs are then further investigated in more detail. After potentially malicious software has been detected, a verification system will come in to delete it. The best way to ensure the most secure device is to download apps from the Play Store.
Source: Phonearena
