Google’s third annual Android Security report is out for 2016, and according to the company, they’ve managed to ensure that potentially harmful apps (PHA) are down on the Play Store. Over 735 million Android devices from 200+ smartphone manufacturers are running on a security patch from 2016, says Google.
Google’s report also highlights the best way to avoid trojans or malware on your smartphone is by sticking to the official Google Play Store for downloads. There are over 1.4 billion Android users and if you go by the company’s own number of 735 million, just over half of the users are on a device with a 2016 security patch, which is not the best news.
While Google admits they’ve been providing security updates for Android smartphones, there’s still a lot to be done. The company’s report notes, “half of devices in use at the end of 2016 had not received a platform security update in the previous year. We’re working to increase device security updates by streamlining our security update program to make it easier for manufacturers to deploy security patches and releasing A/B updates to make it easier for users to apply those patches.”
The Android Security report, gives a detailed look at the kind of risks that Android phones have been facing over the last couple of years, and how Google is working towards keeping the phones safe. Also Google isn’t just doing all this work alone; it has paid researchers nearly $1 million dollars for their reports in 2016, and says it worked with various security firms to fix issues plaguing their OS.
Google’s own data shows that PHA installs have gone down in 2016. Some of the stats shared by Google are:
1) Trojans are now at 0.016 per cent of installs, seeing a drop of 51.5 per cent compared to the year 2015.
2) Hostile downloaders now account for 0.003 percent of installs; they saw a 54.6 per cent drop from 2015.
3) Backdoors install stand at 0.003 percent of installs, which is a 30.5 per cent drop from 2015.
4) Phishing apps are at 0.0018 percent of installs, which is a drastic 73.4 per cent drop from the year before.
As Google’s report highlights, by the end of 2016 only 0.05 per cent of devices where apps were downloaded from the Play Store contained a threat. Earlier this stood at 0.15 per cent in 2015. So essentially the Google Play Store has gotten a whole lot better at detecting apps, which can pose a threat.
Interestingly though, nearly 0.71 per cent of all Android devices had PHAs installed at the end of 2016, which is a slight increase from 2015 when it stood at 0.5 per cent. This number includes people who download and install apps from beyond the Play Store, and clearly this comes with risks.
In its report, Google says it is relying on machine learning and statistical analysis in order speed up how it detects these apps which are harmful, and has made improvements to ‘Safe browsing’ service as well to protect users from phishing sites and websites hosting malware.
Google says it has “streamlined the boot-up process” in order to make it easier to install OTA security updates. Some of Google’s security measures like Verify Apps block nearly 0.4 per cent and 1.2 per cent of all secondary install attempts daily, and thus ensure harmful apps don’t get installed on phones. Verfiy Apps is Google’s cloud-based service, which scans applications before installations and runs regular scans on installed apps as well.
Google’s Security report also shows only 48.9 per cent of devices (across form factors) have some form of lockscreen enabled, which is not good news. A lockscreen ensures that if the device is stolen, a user’s data remains protected.
Google also says it is working to deal with Ghost Push family, but two categories of fraud, which are around SMS and Toll, saw an increase in 2016. The report also says harmful apps outside Google Play Store are much higher.