Bearing out the conventional wisdom that avoiding third-party app stores is a security best practice, new data from Google shows that Android devices that only download apps from Google Play are nine times less likely to end up with malware.
According to Google’s inaugural Android Ecosystem Security Transparency Report, which will come out quarterly from now on, only 0.09 percent of devices that exclusively use Google Play have had one or more “potentially harmful applications” (PHAs) installed. Also, the first three quarters in 2018 averaged an even lower PHA rate, of 0.08 percent. In comparison, in the first three quarters of 2018, 0.68 percent of devices using third-party app stores were affected.
The security of devices that installed apps from outside of Google Play has improved, however: In 2017, 0.82 percent of these devices were affected by PHAs.
The data also shows that newer versions of Android are less affected by PHAs.
“We attribute this to many factors, such as continued platform and API hardening, ongoing security updates, and app security and developer training to reduce apps’ access to sensitive data,” said Jason Woloz and Eugene Liderman of the Android Security & Privacy Team, in a post on Thursday. “In particular, newer Android versions—such as Nougat, Oreo and Pie—are more resilient to privilege escalation attacks that had previously allowed PHAs to gain persistence on devices and protect themselves against removal attempts.”
Geographically, PHA rates in the 10 largest Android markets have remained steady on average. However, some points stood out: India saw the most significant decline in PHAs present on devices, with the average rate of infection dropping by 34 percent. Indonesia, Mexico and Turkey also all saw a decline in the likelihood of PHAs being present on devices in the region. South Korea saw the lowest number of devices containing PHAs, with only 0.1 percent.
“Since 2017, we’ve reduced [the number of devices infected with PHAs] by expanding the auto-disable feature,” Woloz and Liderman noted. The auto-disable feature flags potential malware and requires user action to continue the installation. “While malware rates fluctuate from quarter to quarter, our metrics continue to show a consistent downward trend over time.”