The probability of Android users installing a potentially harmful app (PHA) was reduced by 40 per cent in 2015 compared to 2014, Google said in its second Android Security Annual Report.

The search giant said it scans 400 million devices and 6 billion installed apps every day to protect users from malware, as well as network-based and on-device threats.

“In the last year, we’ve significantly improved our machine learning and event correlation to detect potentially harmful behaviour,” wrote Adrian Ludwig, lead engineer – Android security at Google, in a blog post.

“We strongly believe that rigorous, data-driven discussion about security will help guide our efforts to make the Android ecosystem safer,” he added.

Other stats include: data collection by apps decreased over 40 per cent to 0.08 per cent of installs, and spyware decreased 60 per cent to 0.02 per cent of installs.

Overall, PHAs were installed on fewer than 0.15 per cent of devices that only get apps from Google Play. About 0.5 per cent of devices that install apps from both the Play store and other sources had a PHA installed during 2015, similar to the data in last year’s report.

Google said it wants to protect users who fall into the second category through its Verify Apps service. It made changes to the service’s warning dialogue to make it easy for users to choose not to install a PHA.

“Changing the user experience resulted in 50 per cent fewer users installing PHAs,” the report observed.

In 2015, Google saw an increase in the number of PHA install attempts outside of Google Play, and disrupted several coordinated efforts to install PHAs onto user devices from outside of Google Play, the report noted.

Android 6.0 Marshmallow also came with new security protections and controls. For instance, updated app permissions enable users to manage the data they share with specific apps with “more granularity and precision”.

In June, Android joined Google’s Vulnerability Rewards Program, which pays security researchers when they find and report bugs. Google fixed over 100 reported vulnerabilities and paid researchers more than $200,000 for their findings.

In August, Google launched a monthly public security update programme for the Android Open Source Project. Since then, manufacturers have provided monthly security updates for hundreds of unique Android device models, and hundreds of millions of users have installed monthly security updates on their devices, the report said.

However, many Android devices are still not receiving monthly updates and Google said it is increasing efforts to help partners update more devices in a timely manner.