A series of new security and privacy features added to Android in the last year have reduced the number of potentially harmful apps installed from Google Play by 40 percent, Google said in a new report on Android security.
The company released its second annual Android Security Report on Tuesday, and there is a multitude of data in the document that reveals the effect that the moves Google has made have had on Android security. Potentially harmful apps (PHAs) are those that aren’t classified as outright malicious, but could include unwanted behavior such as collecting user data or installing spyware. Google has tracks the number of installations of these apps, both from the official Play store and from third-party app stores.
In 2015, the number of PHAs installed from the Play store fell by 40 percent compared to the previous year. Specifically, Google said installations of PHAs that collect user data dropped by 40 percent; spyware installations decreased by 60 percent; and installations of hostile downloaders decreased by 50 percent. The company said 0.15 percent of Android devices that only get apps from the Play store had PHAs installed last year.
Google security engineers said that users who only install apps from the Play store are much safer than users who also install software from third-party app stores.
“It turns out that using only Play is ten times safer than sideloading too,” Elena Kovakina of Google’s Android security team said in a talk on the Android security ecosystem earlier this year.
As part of the enhancements to Android security, Google scans more than 6 billion app installations per day on users’ devices. The company also scans more than 400 million devices each day. Google last year also began releasing monthly security updates for devices running modern versions of Android, which includes devices on version 4.4.4 and later.
“70.8% of all active Android devices are on a version that we support with patches,” the Android report says.
However, that still leaves hundreds of millions of Android devices without regular updates. There were roughly 1.4 billion Android devices active in September, according to Google, so that would leave about 420 million Android devices without patches. In the Android ecosystem, carriers are responsible for pushing security patches to users, so while Google releases security updates each month, not all carriers and device manufacturers release them to users regularly.