Authorization

Android security: 0.04% of downloads on Google Play in 2018 were ‘potentially harmful apps’

Google’s Android, now 10 years old, has not been a stranger to security issues over the years. But with the mobile operating system now installed on over 2 billion devices globally, Google has been taking an increasingly firmer grip on trying to bring the problem under control. Now, the company has published its lengthy annual update to take stock on just how well that is going.
It’s a slippery slope to be sure, with the number of apps and the enterprising attempts to maliciously exploit them both growing. To wit, 0.04 percent of all downloads from Google Play were classified as potentially harmful applications (PHAs) by Google, versus 0.02 percent in 2017 — an increase in part because Google is growing the categories it’s identified and is tracking.
(As for what that translates to in actual numbers, one estimate for Android downloads in 2018, from SensorTower, puts the figure at 75.7 billion; 0.04 percent of that works out to 30.3 million apps classified as potentially harmful applications.)
But Google said that new policies, such as more privacy-hardened APIs, along a wider implementation of Google Play Protect — its built-in malware scanner that comes with unforked versions of Android — have contributed to the company overall making a dent in the problem.
One area that Google singled out in the report this year was the impact that it’s having on protecting devices and users when they download and use apps from outside the Google Play store.
As this is a newer area that it’s tackling with more focus, there are more quantifiable wins to be had, and broadcasted. It didn’t provide a specific figure for how many PHAs it blocked from the Google Play store in 2018 (note that in 2017 it did disclose this: it was 700,000). But in 2018 it noted that “Google Play Protect prevented 1.6 billion PHA installation attempts from outside of Google Play.”
Notably, when it comes to apps on the Google Play store, on devices running unforked versions of Android, the dent seems to be mostly keeping the problem of potentially harmful applications at bay, while the impact on apps that are sideloaded not through Google Play has been more pronounced.
Google noted that in 2018, some 0.08 percent of devices that used Google Play exclusively for app downloads were affected by PHAs. That figure, however, is actually the same as the year before, and actually a bit higher than the year before that.
In contrast, the impact on those downloaded outside of Google Play has been more dramatic — albeit the problem is clearly a bigger one. The number detected in 2018 stood at 0.68 percent, down 15 percent from 0.8 percent a year ago (which itself also had gone up from 2016).
Android security: 0.04% of downloads on Google Play in 2018 were ‘potentially harmful apps’

The chances of installing malicious apps, meanwhile, are improved if you have Google Play Protect working. Some 0.45 percent of Android devices using it, installed PHAs, down from 0.56 percent in 2017.
It seems also that this trend is partly down to general improvements over time across the whole Android ecosystem, with later versions of the OS showing better rates of PHA installs. Notably, however, the reduct between Oreo and Pie was only a 0.01 percentage point. It’s getting more challenging to address the problem after more drastic reductions in earlier years.




Android security: 0.04% of downloads on Google Play in 2018 were ‘potentially harmful apps’

In terms of the categories that are covered by PHAs at the moment, click fraud is by far the highest category both in terms of install rates and distribution. Notably, 2018 was the first year that Google started tracking click fraud as a potentially harmful application: in the past it had been classified as a policy violation. This is one example of how it’s looking to cover more surfaces for potential vulnerabilities, but also a surprise to see that it wasn’t part of the mix before, considering how huge it is. Partly as a result of it now detecting and blocking click-fraud post recategroization, Google noted that it “expect[s] click fraud to remain a profitable fraud vector, but at a lower scale than in 2018.”
See also:
Leave a comment
News
  • Latest
  • Read
  • Commented
Calendar Content
«    Июнь 2019    »
ПнВтСрЧтПтСбВс
 12
3456789
10111213141516
17181920212223
24252627282930