Skip to main content

Google lifts the lid on Android malware with new report

Google says that it is keen for Android to be a secure platform for developers and end users alike. It's not a unique claim; Apple would likely say much the same about iOS, and Microsoft about Windows Phone/Windows 10 for Phones.

To demonstrate how fervently it has been working away at improving security and introducing new security-focused features, Google published a report looking back on Android security in 2014. Dubbed the Android Security State of the Union 2014, it makes for interesting reading. It includes the revelation that nearly 10 million Android devices have potentially harmful apps installed.

The report starts off by highlighting some of the most noticeable changes made to the Android platform - the introduction of full-disk encryption, better sandboxing with SELinux-based Mandatory Access Control system, and wider use of hardware protected cryptography. This is all very interesting, but then we're treated to some statistics. Coining the phrase Potentially Harmful Applications - or PHAs for the sake of brevity (malware by another name) - Google aims to show how protection has improved over time.

In fact, from the beginning of Q1 2014 to the end of Q4 2014, the number of PHA installations dropped by nearly half. But what does this actually mean? Google throws out some more stats that shed a little light on the matter.

The report suggests that more than a billion devices are "protected with Google Play". Despite this protection, Google admits that fewer than 0.15 per cent of Android devices that install software solely from Google Play - so devices whose owners have not side-loaded apps from other sources - had PHAs installed. At this stage we're not working with particularly precise figures, but we can estimate that there are around 1.5 million devices with potentially harmful software installed, even though they're only using the official Google source for apps.

But of course there are plenty of people who download apps from other sources, be it Amazon's store, direct from developers' websites, or through less legal channels. Count these devices, and the percentage of devices that have PHAs installed jumps to "fewer than 1 per cent".

To think that 99 per cent of devices do not have potentially harmful software installed is clearly great, but the darker side of the story is that Google is aware of up to 10 million Android devices do have such apps installed.

Considering we're treated to a percentage rounded to two decimal places for devices using only Google Play, it would seem odd that the same treatment would not be given to devices using other sources as well. As such it would seem reasonable to deduce that while the figure is below 1 per cent, it's actually very, very close to 1 per cent.

Whatever the hard numbers may be, Google says that it has been able to track vulnerabilities and says that "the data does not show any evidence of widespread exploitation of Android devices". The monitoring led to the creation of a total of 79 patches - 8 low severity, 41 moderate, 30 high (and none rated critical) - and also showed that an estimated 0.25 per cent of devices have rooting apps installed.

Google acknowledges that relying on Google Play is not a guarantee of avoiding PHAs: "Google Play reviews all applications for potential security issues prior to making them available to users.

"No review process is perfect, and with over 1 million applications in Google Play, there are a small number of Potentially Harmful Applications that do still manage to be published in Google Play."

Photo credit: Kirill__M / Shutterstock