Android-Malware

Security on Google’s hugely popular Android operating system has been a bit of an anathema for a long time. The perception has been that Android is particularly susceptible to virus, malware and other harmful software. This has been the sticking point for many users in the ongoing battle for smartphone OS supremacy between Android and iOS. However, if we go by recent reports, it would seem that security on Android is turning a corner. The third annual Annual Security Year in Review report recently released by Google outlines the progress the tech giant has made in their quest to secure Android devices. For the most part, the report showcases a positive in Android security and outlines further plans for the future.

The Google Play Store Is More Secure Than Ever

The good news for all Android users out there is that if you get your apps from the Google Play Store, the chances of infection by Potentially Harmful Apps (PHAs) are lower than ever. Installs of PHAs from the Google Play Store were down across the board. Installs of Trojans went down by 51.5% to a mere 0.016 of installs compared to 2015. During the same time frame hostile downloaders fell down by 54.6% to 0.003 of all installs, backdoors dropped by 30.5% to 0.003% of all installs. Lastly, phishing apps went down by a massive 73.4% to 0.0018% of total installs.

As of Q4 2016, only 0.05% of devices that exclusively used the Play Store for app installs were affected by PHAs. In comparison, that number stands much higher at 0.71% for all Android devices.

Third-Party App Stores and Sideloading Leave Android Vulnerable

While Google’s own Play Store may be getting more secure, Android is still as vulnerable as ever when installing apps from third party app stores or sideloading. In fact, the report notes an increase in the total percentage of devices with PHAs in 2016. The number of these devices went up from 0.5% of total devices in 2015 to 0.71% by the end of 2016. This represents an increase in PHA infected devices by 42%. A 2016 report by Cheetah Mobile Security noted a direct correlation between an increase in the number of infected devices in markets characterised by extensive use of third-party app stores.

Another report by McAfee Labs scanned 150 million apps on third-party stores. They found over 9 million suspicious apps and nearly 37 million counts of detected malware over a period of 6 months.

Trojan Emerged as Main Culprit

Despite the lowering install rate of PHA in 2016, compared to the previous year, Android users are still more vulnerable to harmful attacks. While these PHAs are developed for various security breaches, Trojan comprises the largest share of PHA installs, both on Google Play and outside of Google Play.

More than 50% of PHAs fall under Trojan category on and off Google Play. These PHAs allow hackers to take control of the device and perform any task these trojan malwares are designed for without device users’ consent.

Top PHA

How Google Improved Android Security In 2016

The report by Google also detailed some of the measure taken by Google to patch up Android Security:

  • Google are streamlining their security update program to make patch deployment easier. The ease of A/B updates will also reduce the occurrence of bricked or inactive device issues after updating.
  • They expanded on their monthly security updates program to help accelerate the discovery and patching of security vulnerabilities.
  • The use of machine learning and statistical analysis to automate and speed up PHA detection.
  • Enhanced Safe Browsing features, along with APIs such as SafetyNet Attest to enable third party developers to implement Safe Browing features in their own applications.
  • The implementation of Verify Apps to block harmful secondary installations. According to Google, Verify Apps blocks 0.4-1.2% of all secondary install attempts on a daily basis. Verify Apps scans nearly 400 million devices per day now.
  • Google paid nearly $1 million to researchers to identify vulnerabilities in the Android platform.

The Inconsistency Of OEM Update Patterns Is Still An Issue

In recent years Google has made significant improvements in the quality and frequency of their security updates for Android. It started with the launch of the monthly security updates program in 2015. Under this program, Google’s own Nexus devices would be privy to monthly security updates. Google report that they have released Android security updates for Android 4.4.4 (86.3% of devices worldwide) and up every month of the year in 2016. The problem lies in Google’s inability to get OEMs to comply with a similarly consistent update schedule. Roughly 50% of devices had not received a security update in 2016 despite 735 million devices from numerous OEMs having received at least one platform update.

Takeaways

  • The Google Play Store considerably more secure, with instances of PHAs down across the board.
  • Third party app stores and sideloading apps are one of the biggest sources for PHAs on the Android platform.
  • Verify Apps and its aggressive implementation can help curb instances of PHAs.
  • Roughly 50% of Android devices did not receive a single security update in 2016.