Google Android Security Report: Malware Down, Harmful Apps Still the Platform's Biggest Threat

Google has released its second annual Android security report on the state of Android security, which reveals some interesting figures on the mobile platform's improvements in terms of security. According to the report, Google says it now scans six billion Android apps everyday on smartphones around the world to look for malicious apps. The company says this entails scanning 400 million devices daily, however, it is not clear whether these are automated scans, initiated by the user, or a combination of both.

Interestingly, Google Play malware significantly dropped between 2014 and 2015, with not more than 0.15 percent of users obtaining rogue code. The figure shoots up to 0.5 percent accounting for all Android users—this uptick is based on the attempts to compromise devices to go outside its app store. The discrepancy stems from what Google can do to stop malware outside its own walls. There are security measures beyond Google Play, such as post-install app verification, but unfortunately, they’re limited and many third-party app stores don’t screen as thoroughly. Google promises things should get better this year—with its monthly updates increasing the likelihood that users can be safer against attacks. Despite the size and complexity of the Android ecosystem, actual user devices were spared the StageFright and Certifigate vulnerabilities discovered in 2015.

The installation of Potentially Harmful Applications (PHA) still remains the platform's biggest threat. Google says that over the course of 2016, PHAs were installed on less than 0.15 percent of devices that gets apps from the official store, an improvement from the previous year, where the report states that "less than 0.5% of devices had a PHA in 2015". Google also improved the capability of Verify Apps so that it can remove applications that have been installed onto the system partition of a compromised device.

[READ: How can you secure your Android device?]

“Google is investing more every year in Android’s security term—both in terms of people and computational resources. Through Google’s Vulnerability Rewards Program, for example, Android paid security researchers and hackers more than $200,000 to fix more than 100 vulnerabilities”, Adrian Ludwig, head of Android Security said.

Overall, the Android security report highlights a number of additions made in the last year., including more granular app permissions and making full disk encryption a requirement on most Marshmalllow devices. Android Marshmallow also has “Android security patch level”, a feature that keeps users better informed about the state of their device.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.