Its long-running fight is beginning to pay off however according to a new report on the “State of the Union” by Google’s Lead Engineer for Android Security, Adrian Ludwig. Dubbing malicious Android apps as “Potentially Harmful Applications” (PHAs), Ludwig reveals that fewer than 1% of Android devices had a PHA installed during 2014.
Of particular note is that the total number of PHA installs worldwide decreased by nearly 50% throughout the year. The security of Google Play versus third-party app stores is highlighted as less than 0.15% of devices that only used Google Play for app downloads had a PHA installed.
Google has published a detailed 44-page report into its findings. The document covers all forms of PHAs from ransomware to SMS abuse but Ludwig is still dissatisfied and striving to do more to make Android into a healthy, secure ecosystem.
He said: “We thought it was really important to put as much data as we could out there. I kind of apologize for the fact that it’s 40-some pages, but hopefully next year it will be 150 pages and we’ll get even more data.”
Despite the positive fronting, large numbers of Android devices do still have “PHAs” installed though. Over 10 million phones and tablets could be infected across all stores. 1.5 million of those are believed to only ever use Google Play.
The company acknowledged that Play still harbours some malicious products, saying: “No review process is perfect, and with over 1 million applications in Google Play, there are a small number of Potentially Harmful Applications that do still manage to be published in Google Play.”
Ludwig writes that Android has been designed with “multiple layers” of security that help to protect the platform and devices and users that rely on it. Clearly, some work is still to be done though – despite Google’s continuing efforts – before Android will be free of the malware issue that has plagued it in the past.