“Potentially harmful” apps
Apple often emphasises the security of its platform when launching new products. In contrast, Google’s Android has long been seen to have a security problem. Unlike Apple’s walled garden, the open nature of Android has made it easier for malware and scammers to get established on the platform.
The headline statistics from the 2017 Android Security Review demonstrate Google’s progress in making Android a safer place. The company managed to halve the probability of an Android user downloading a “potentially harmful app” (PHA) from 0.4% down to just 0.2%.
READ NEXT: Microsoft expands Windows Meltdown and Spectre patches
Given that 0.4% was already a tiny minority of users, the significant reduction during 2017 highlights the evolution of Google’s detection tools. The company attributed the results to its adoption of machine learning techniques. According to Google, 60.3% of all PHAs found last year were identified using automated mechanisms. It added that it expects this figure to grow further in 2018.
Machine learning makes Google’s PHA protections more effective by allowing thousands of apps to be reviewed each day. It can also dive deeper into app packages, identifying code patterns and suspicious permission demands that could reveal an app’s malicious nature.
Google said that its Play Protect PHA shield now scans over 50 million apps daily to identify potential risks. Suspicious packages are flagged to Google’s security team for further investigation.
Android “leads the industry”
According to Google, innovations such as Play Protect led to a “significant leap forward” in Android’s security last year. The company said it gauges the platform’s security level by analysing its own data and insights provided by third-party security firms.
Writing in its report, Google claimed that indicators from industry professionals also signalled “improved overall security” and “a strength of protection that now leads the industry.” Google’s clearly viewing Android as an equal to iOS when it comes to protecting consumers.
READ NEXT: Prilex malware clones chip-and-PIN payment cards
“With more than 2 billion active Android devices, it’s essential that Google provides the best protections for users at scale. We are committed to protecting users’ privacy and security across different device types, such as smartphones, automobiles, wearables, TV, Things and more,” said Google.
“We measure our improvement based on our own data about the Android ecosystem. We look at metrics, such as how many devices have installed Potentially Harmful Applications (PHAs), what protections they have in place, where PHAs are coming from, as well as third-party analysis and industry signals.”
Update improvements
Google also addressed the state of Android security updates. The company said that 30% more Android devices now receive regular security patches than at the start of 2017. The fragmented nature of the Android platform has historically led to long delays in the release of updates to customers.
Over the past year, Google has moved to make it simpler for device manufacturers to provide updates. Last year, Google unveiled its Project Treble initiative as a way to simplify the device update process. It separates the core of Android from the complex networking and cellular functions, allowing the OS to be updated without impacting on wireless operations.
Going forward, all Android phones will be required to include Treble support. Some existing devices will also be updated to include the platform, although manufacturers won’t be obliged to add the feature. Devices that do utilise Treble should see more regular updates, as new packages won’t need to go through a lengthy cellular approval process.
