Google has a big stake in the security of Android, they’ve been steadily improving security over the last few years and they’ve now released their third annual report into Android security.
The release of Nougat for Android late last year was a milestone for the Android ecosystem, but it was late in the piece and even 2016 flagships are just now receiving the update. So what about the rest of devices on Android? One project that Google worked on was protecting users from Potentially Harmful Apps (PHAs). Built-in protections in Android including Verify Apps which scan apps as they’re installed and used have improved security in this area, with Google advising they conducted 750 million daily checks last year, up from 450 million the previous year.
Google Play is of course quite protected with additional scans of apps uploaded and subsequently distributed to users. It’s one of the safest places to download apps with Google finding PHAs decreasing overall:
- Now 0.016 percent of installs, trojans dropped by 51.5 percent compared to 2015
- Now 0.003 percent of installs, hostile downloaders dropped by 54.6 percent compared to 2015
- Now 0.003 percent of installs, backdoors dropped by 30.5 percent compared to 2015
- Now 0.0018 percent of installs, phishing apps dropped by 73.4 percent compared to 2015
Google has also released stats on Monthly Security updates and they show that things aren’t great if you don’t buy a top tier device, though Google did find that 735 million devices received a platform security update last year. Google also said that between carriers and hardware partners over half of the top 50 devices worldwide received an update in the last quarter of 2016.
It’s a matter of adoption, Google did release monthly Android security updates throughout 2016, covering devices running Android 4.4.4 and above. It’s just that manufacturers don’t seem to be incentivised to release them to actual devices. This is shown by Google finding that ‘about half of devices in use at the end of 2016 had not received a platform security update in the previous year’.
Using a ‘top tier’ device, or a Nexus/Pixel and only downloading apps through Google Play seems to be the best way to keep your device up to date. Of course not everyone can afford a flagship phone, so there’s still a wide gap between phones that are secured regularly and those that aren’t – and we can only hope that Android O brings about some improvements in this area.
You can read the full report here, or check out the Android Security Webinar hosted by Adrian Ludwig, Director of Android Security at Google here: