Google today released its Android Security Annual report (PDF), the company’s summary of how its services, partners, and the security community have protected, and failed to protect, the Android ecosystem over the past year. The big takeaway is that of devices that were limited to only installing apps from Google Play, harmful apps were installed on “fewer than 0.15 percent” in 2015. This number is unchanged from the one Google shared for 2014.
Most Android devices ship with Google Play, making it the app store from which the average Android user installs his or her apps. Yet there are devices (like those in Amazon’s Kindle line) and markets (such as China) where Google Play is not the default or is not available at all. Unsurprisingly, this is where Potentially Harmful Apps (PHAs) are more prevalent. But the company still feels a responsibility to thwart attacks on these devices — “it’s critical that we protect users that install apps from sources other than Google Play as well,” Google declared.
Google says it improved its Verify Apps service, which protects users installing apps outside of Google Play, by over 50 percent. This was timely, as the company saw an increase in the number of PHA install attempts outside of Google Play in 2015. Across all devices in the Android ecosystem with Google’s services, about 0.5 percent of devices had a PHA installed during 2015. The company called this figure “similar” to 2014’s (that year’s report stated that “less than 1 percent of all devices had a PHA installed”).
Google shared a few more big numbers today. In 2015, the company protected Android users from malware and other PHAs by checking over 6 billion installed apps per day — from network-based and on-device threats — by scanning 400 million devices per day, and from an unknown number of unsafe websites by extending its Safe Browsing service to Chrome for Android.
AI Weekly
The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.
Included with VentureBeat Insider and VentureBeat VIP memberships.
Google also says its security efforts last year reduced the probability of installing a PHA from Google Play by over 40 percent compared to 2014. Within Google Play, install attempts for “most categories of PHAs” declined. The company highlighted three:
- Data Collection -- Decreased over 40 percent to 0.08 percent of installs
- Spyware -- Decreased 60 percent to 0.02 percent of installs
- Hostile Downloader -- Decreased 50 percent to 0.01 percent of installs
And yet, that 0.15 percent figure refused to fall. It just goes to show how persistent malware makers are at spreading their wares.
Google continues to beef up Android’s security in other ways. Not only did Android Marshmallow bring a multitude of security features to the table (as will Android N after it), but the company is also now pushing monthly security updates to its devices and encouraging others to do the same.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More