Google published its fifth Android Security Year in Review, finding that in 2018 only 0.08 per cent of devices that used Google Play exclusively for downloads were affected by potentially harmful applications (PHAs).

The search giant said that for devices which installed apps from outside of Google Play, 0.68 per cent were affected by PHAs and, while this number is eight-times higher than for Google Play-only devices, it is still an improvement from 0.8 per cent in 2017.

Google scans all apps installed on a device using its Google Play Protect software, regardless of the source, as rogue downloads “endanger not only the device but also threaten the sanctity of the Android environment”.

In total, more than 50 billion apps are scanned every day across more than 2 billion devices, it said.

Breakdown
PHA install rates from Google Play actually increased from 0.02 per cent in 2017 to 0.04 per cent in 2018, although this was attributed to the inclusion of click fraud as a PHA category for the first time. Like-for-like there was a decrease.

There was also a decline in the number of PHA installation attempts from outside of Google Play. Some 73 per cent of these were blocked by Google Play Protect, with the other 27 per cent either installed before identification or by users who ignored Google Play Protect warnings.

In total, Google Play Protect prevented 1.6 billion PHA installation attempts from outside of Google Play in 2018.

An area where Android has been widely criticised in comparison with Apple’s iOS platform is the availability of software updates, which can have a significant impact on device security.

But following platform initiatives such as Treble, new agreements with device vendors, and partner programmes for enterprises and Android One, the number of Android devices receiving a security update in the fourth quarter of 2018 was up 84 per cent year-on-year (although it did not state what proportion of active Android devices this represents).

Google also said it passed $3 million paid out through its rewards programme during the year. This, it said, enables it to work with top researchers from around the world to improve Android security, offering “some of the highest priced rewards in the industry”.