The words “Android” and “security” have not been the best of bed fellows of late with researchers claiming only 10% of Android devices are secure and hackers regularly finding exploits in the operating system.
Perhaps to allay fears that the OS is an unkempt mess, Google has released its second Android Security report for the year ending 2015.
The report deals with all facets of the Google operating system including cloud services and the Google Play Store.
Google scans 6 billion installed apps everyday for potential threats even though apps are scanned before they enter the Play store.
Smoke and mirrors, begone
In the past we’ve seen how cyber criminals can trick users into downloading a malicious app even when it came from the Google Play store.
Changes to the way in which Google detects, and warns users about Potentially Harmful Apps has led to only 0.15% of Android smartphones and tablets having an instance of malicious software installed on them.
That number represents users who only use the Google Play Store to get their applications, for those that used another source as well as the Play Store, this number jumped to 0.5%.
Google has also seen a decline in potentially harmful apps which are classified as data collection, spyware and hostile downloaders. Instances were malicious apps such as these declined by a total of 0.11%.
“It’s critical that we also protect users that install apps from sources other than Google Play. Our Verify Apps service protects these users and we improved the effectiveness of the potentially harmful app warnings,” Google said in the report.
The way Google notifies Android users about the dangers an app might contain within was also updated to be more user friendly. The addition of a red warning sign and hiding the “Install anyway” option, led to a 50% decline in users installing potentially harmful apps.
A red warning sign sounds trivial but you can’t deny a decline of 50% is impressive.
The trouble is that as safe as the Play Store seems to be right now, many of the security features that Android 6.0 Marshmallow, such as full disk encryption, are for “devices with adequate hardware capabilities”.
Couple this with the fact that manufacturers are infamous for not updating their particular flavour of Android which can have bugs and back doors and you have a very fragmented ecosystem.
The search giant has addressed this shortfall as well with its Android Open Source Project through, which it claims, “manufacturers have provided monthly security updates for hundreds of unique Android device models and hundreds of millions of users have installed monthly security updates to their devices.”
Hey, at least Google is taking security seriously and if it can get manufacturers on board and improve the user experience for all Android users, that deserves a tip of the hat from us.[Source – Google][Image – CC BY/2.0 MIKI Yoshihito]