Much of the progress Google has made in the past year has been driven by its Verify Apps system. Verify Apps is able to intelligently monitor apps you install to make sure they’re not infected. The system conducted 750 million checks each day last year, compared with 450 million in the previous year.
In total, Google said 0.71 percent of all Android devices had a potentially harmful app (PHA) installed at the end of 2016. This is a significant increase from 0.5 percent in 2015. However, the rise is offset by improvements made in other areas, most notably the reduced installations of malware from Google Play.
Android’s open nature means users often install apps from sources other than the Play Store. Although there are reputable third-party stores, external downloads are generally less secure than using the tightly moderated Google Play. Google said Play is still the safest place for users to download apps. It made large strides in lowering the number of PHAs available in the store during 2016.
The number of trojans acquired via Play Store downloads dropped 51.5 percent to 0.016 percent of installs. Hostile downloaders saw a similar improvement, falling from 54.6 percent to only 0.003 percent of installs. The biggest gains were made against phishing apps, now accounting for just 0.0018 percent of installs after dropping 73.4 percent in a year.
Google recognised there’s still more work to do before Android’s security problems are “solved.” It’s now in a better place to offer users more protection, owing to the introduction of new technologies that make it easier to spot and eliminate PHAs. Its aim for 2017 is to roll out new tools that will protect users who install apps from outside Google Play and aren’t supported by its existing systems.
“We appreciate all of the hard work by Android partners, external researchers, and teams at Google that led to the progress the ecosystem has made with security in 2016,” said Google. “But it doesn’t stop there. Keeping users safe requires constant vigilance and effort. We’re looking forward to new insights and progress in 2017 and beyond.”
Google also addressed the issue of Android security updates. Android is still a notoriously fragmented platform and many devices go without updates for months or even years, if they receive them at all. Google claimed that progress is being made, stating that 735 million devices from over 200 manufacturers were regularly updated last year.
Google is working with hardware and carrier partners to make sure its monthly security update packages make it to as many users as possible. However, it admitted that only half of the top 50 devices worldwide currently receive updates, indicating a lot more needs to be done to keep users protected. Half of devices in use at the end of 2016 hadn’t received any updates during the year, leaving them at risk of attack via known vulnerabilities.
You can read the full Android Security Report for 2016 online or watch Google’s webinar for all the details. The company pledged to continue providing transparent information on its security activities, making Android a safer place to browse and work.
