We keep hearing about new, increasingly more dangerous strains of Android malware, but how safe from abuse and malware is Google’s mobile operating system, really?
If you ask Google, it’s improved by leaps and bounds in that regard last year, primarily thanks to Google Play Protect.
According to Google’s yearly overview of Android security, published on Thursday, there were significantly less potentially harmful applications (PHAs) installed on Android devices in 2017 than in 2016, both from Google Play and elsewhere.
Things have gotten better, especially if you stuck to Google Play.”Downloading a PHA from Google Play was less likely than the odds of an asteroid hitting the Earth,” the company claims in the report.
This is largely due to Google Play Protect, a set of services introduced in May 2017 (many of them existed earlier, but Google made them more visible through Play Protect) that shield Android devices from PHAs. These include scanning for malware, protecting from deceptive websites and allowing third-party app developers to increase the security of their apps through new APIs.
In 2017, Google claims daily device scans through Play Protect helped identify and remove approx. 39 million PHAs from roughly 1 million devices.
While Play Protect has been effective in removing nasty apps, the numbers show that the best way to protect your Android device is to stick to Google’s Play store. In 2017, just 0.02 percent of all app installs through Google Play were PHAs; outside of Google Play, this number was 1.22 percent.
Malware and spyware is one thing, but what about actual security holes in the Android OS? “No critical security vulnerabilities affecting the Android platform were publicly disclosed without an update or mitigation available for Android devices,” claims Google. As for the fact that it often takes a while for patches to trickle down to actual phones, Google says it’s making progress in this area as well: in 2017, 30 percent more Android device received security patches than in 2016.
To read more about nasty PHAs, which have cool names like “IcicleGum” and “JamSkunk,” as well as Google’s efforts to keep them away from Android phones, check out the full report here.