Google Introduces Security Transparency Report for Android
12.11.2018 securityweek Android
Google last week added a quarterly Android Ecosystem Security Transparency Report to its Transparency Report site.
The new report aims to provide users with additional insights into how often it detects devices with potentially harmful applications (PHAs) installed, based on routine, full-device scans performed by Google Play Protect.
A built-in protection on Android devices, Google Play Protect currently scans over 50 billion apps every day, both from inside and outside of Google Play, the Internet search giant says. The purpose of these scans is to find PHAs, warn users of their presence, and disable or remove them.
According to Google, the percentage of Android devices with PHAs on them was below the 1% mark in 2014 and has been steadily declining ever since. The trend continues throughout 2018 as well, the company says.
As part of the new transparency report, users will be provided with PHA rates in three areas: market segment (whether a PHA came from Google Play or outside of Google Play), Android version, and country.
“Google works hard to protect your Android device: no matter where your apps come from. Continuing the trend from previous years, Android devices that only download apps from Google Play are 9 times less likely to get a PHA than devices that download apps from other sources,” the company says.
Google reviews submitted apps before publishing them in Google Play, to confirm they comply with the storefront’s policies. A risk scorer is used to analyze apps and detect potentially harmful behavior, and suspicious apps are flagged and referred to a security analyst for manual review.
Apps that users download from outside of Google Play are also scanned, and devices are protected from threats arriving in this manner as well.
The Android Ecosystem Security Transparency Report includes a market segment chart showing, over time, the percentage of Android devices that have one or more PHAs installed. PHA rates are given both for devices that install exclusively from Google Play and for devices that install from outside of Google Play.
“In 2017, on average 0.09% of devices that exclusively used Google Play had one or more PHAs installed. The first three quarters in 2018 averaged a lower PHA rate of 0.08%. […] In 2017, ~0.82% of devices that installed apps from outside of Google Play were affected by PHA; in the first three quarters of 2018, ~0.68% were affected,” Google explains.
Newer Android versions are less affected by PHAs, due to continued platform and API hardening, security updates, and app security and developer training. Newer Android versions, Google also claims, are more resilient to privilege escalation attacks that were previously abused by PHAs to gain persistence and protect themselves against removal attempts.
According to Google, PHA rates in the ten largest Android markets have remained steady, and the new transparency report includes a chart with PHA rates for the top 10 countries with the highest volume of Android devices.
“India saw the most significant decline in PHAs present on devices, with the average rate of infection dropping by 34 percent. Indonesia, Mexico, and Turkey also saw a decline in the likelihood of PHAs being present on devices in the region. South Korea saw the lowest number of devices containing PHA, with only 0.1%,” Google explains.