Google Releases 2nd Annual Security Report for Android

Google has published their 2nd annual security report for Android as the company continues to fight malware and other end user harming apps in the ecosystem.  The report highlights some of the activities that Google has gone through in the last year to protect customers, including some 6 billion scans on installed apps per day.  When it comes to security, there is always room for improvement but clearly Google is taking the safety of users serious on their mobile platform.

In the report, Google highlighted some of the activities that they perform to protect consumers using Android devices.

Android Marshmallow Icon Screen
Android Marshmallow
  • We protected users from malware and other Potentially Harmful Apps (PHAs), checking over 6 billion installed applications per day.

  • We protected users from network-based and on-device threats by scanning 400 million devices per day.

  • And we protected hundreds of millions of Chrome users on Android from unsafe websites with Safe Browsing.

Through this effort, Google has lowered the number of PHAs significantly over the course of the last year.  Data collection from apps, for example, is down some 40% to just 0.08% of all installed apps while spyware has decreased 60% to just 0.02%.

Overall, PHAs were installed on fewer than 0.15% of devices that only get apps from Google Play. About 0.5% of devices that install apps from both Play and other sources had a PHA installed during 2015, similar to the data in last year’s report.

The 2nd half of the report focused on the advancements the company made with Android Marshmallow when it comes to security and protection for users.  They outline the specific things within Marshmallow that do this including:

  • Full disk encryption is now a requirement for all new Marshmallow devices with adequate hardware capabilities and is also extended to allow encryption of data on SD cards.
  • Updated app permissions enable you to manage the data they share with specific apps with more granularity and precision.
  • New verified boot ensures your phone is healthy from the bootloader all the way up to the operating system.
  • Android security patch level enables you to check and make sure your device has the most recent security updates.
  • And much more, including support for fingerprint scanners, and SELinux enhancements.
  • Deeper engagement with the Android ecosystem

In an ideal world, the number of PHAs would be 0% and Google is certainly working towards that goal.  The challenge, of course, is getting all of the manufactures who build Android devices to keep them up-to-date with security patches in a timely manner.  That remains the single biggest challenge for security in the Android ecosystem along with users side-loading apps from unknown sources.

The bottom line folks is if you just install apps from the Google Play Store, you will be more secure even if your device doesn’t have the latest security updates.