Google Says Trojan Comprises Over 50% of Harmful App Installs on Android [REPORT]

Must Read

Apple Inc. (AAPL) And Samsung Group (005930) Combined Smartphone Market Share Shrunk To Below 50% In Q1 2014: Huawei and Lenovo Rising Fast!

Apple Inc. (NASDAQ:AAPL) and  Samsung Electronics Co. Ltd. (KRX:005930) are the undisputed heavyweights of the smartphone world. Together, both brands accounted for 50%...

Apple is Being Evil For 1.5 Billion iPhone, iPad Users Worldwide

Last year when Apple Inc. (NASDAQ:AAPL) was accused of recording everything that iPhone users were talking through...

Uber India Layoffs 25% Workforce Citing Tough Market Conditions

After laying off thousands of employees in the US, Uber is scaling down its operations in India...

Security on Google’s hugely popular Android operating system has been a bit of an anathema for a long time. The perception has been that Android is particularly susceptible to virus, malware and other harmful software. This has been the sticking point for many users in the ongoing battle for smartphone OS supremacy between Android and iOS. However, if we go by recent reports, it would seem that security on Android is turning a corner. The third annual Annual Security Year in Review report recently released by Google outlines the progress the tech giant has made in their quest to secure Android devices. For the most part, the report showcases a positive in Android security and outlines further plans for the future.

The Google Play Store Is More Secure Than Ever

The good news for all Android users out there is that if you get your apps from the Google Play Store, the chances of infection by Potentially Harmful Apps (PHAs) are lower than ever. Installs of PHAs from the Google Play Store were down across the board. Installs of Trojans went down by 51.5% to a mere 0.016 of installs compared to 2015. During the same time frame hostile downloaders fell down by 54.6% to 0.003 of all installs, backdoors dropped by 30.5% to 0.003% of all installs. Lastly, phishing apps went down by a massive 73.4% to 0.0018% of total installs.

As of Q4 2016, only 0.05% of devices that exclusively used the Play Store for app installs were affected by PHAs. In comparison, that number stands much higher at 0.71% for all Android devices.


Third-Party App Stores and Sideloading Leave Android Vulnerable

While Google’s own Play Store may be getting more secure, Android is still as vulnerable as ever when installing apps from third party app stores or sideloading. In fact, the report notes an increase in the total percentage of devices with PHAs in 2016. The number of these devices went up from 0.5% of total devices in 2015 to 0.71% by the end of 2016. This represents an increase in PHA infected devices by 42%. A 2016 report by Cheetah Mobile Security noted a direct correlation between an increase in the number of infected devices in markets characterised by extensive use of third-party app stores.

Another report by McAfee Labs scanned 150 million apps on third-party stores. They found over 9 million suspicious apps and nearly 37 million counts of detected malware over a period of 6 months.

Trojan Emerged as Main Culprit

Despite the lowering install rate of PHA in 2016, compared to the previous year, Android users are still more vulnerable to harmful attacks. While these PHAs are developed for various security breaches, Trojan comprises the largest share of PHA installs, both on Google Play and outside of Google Play.

More than 50% of PHAs fall under Trojan category on and off Google Play. These PHAs allow hackers to take control of the device and perform any task these trojan malwares are designed for without device users’ consent.


How Google Improved Android Security In 2016

The report by Google also detailed some of the measure taken by Google to patch up Android Security:

  • Google are streamlining their security update program to make patch deployment easier. The ease of A/B updates will also reduce the occurrence of bricked or inactive device issues after updating.
  • They expanded on their monthly security updates program to help accelerate the discovery and patching of security vulnerabilities.
  • The use of machine learning and statistical analysis to automate and speed up PHA detection.
  • Enhanced Safe Browsing features, along with APIs such as SafetyNet Attest to enable third party developers to implement Safe Browing features in their own applications.
  • The implementation of Verify Apps to block harmful secondary installations. According to Google, Verify Apps blocks 0.4-1.2% of all secondary install attempts on a daily basis. Verify Apps scans nearly 400 million devices per day now.
  • Google paid nearly $1 million to researchers to identify vulnerabilities in the Android platform.

The Inconsistency Of OEM Update Patterns Is Still An Issue

In recent years Google has made significant improvements in the quality and frequency of their security updates for Android. It started with the launch of the monthly security updates program in 2015. Under this program, Google’s own Nexus devices would be privy to monthly security updates. Google report that they have released Android security updates for Android 4.4.4 (86.3% of devices worldwide) and up every month of the year in 2016. The problem lies in Google’s inability to get OEMs to comply with a similarly consistent update schedule. Roughly 50% of devices had not received a security update in 2016 despite 735 million devices from numerous OEMs having received at least one platform update.


  • The Google Play Store considerably more secure, with instances of PHAs down across the board.
  • Third party app stores and sideloading apps are one of the biggest sources for PHAs on the Android platform.
  • Verify Apps and its aggressive implementation can help curb instances of PHAs.
  • Roughly 50% of Android devices did not receive a single security update in 2016.


Please enter your comment!
Please enter your name here

Latest News

Uber India Layoffs 25% Workforce Citing Tough Market Conditions

After laying off thousands of employees in the US, Uber is scaling down its operations in India...

Apple is Being Evil For 1.5 Billion iPhone, iPad Users Worldwide

Last year when Apple Inc. (NASDAQ:AAPL) was accused of recording everything that iPhone users were talking through Siri, the company was quick...

Is Bill Gates Developing Covid-19 Vaccine To Track Billions Of Users Worldwide?

Bill Gates is once again at the centre stage of controversy related to novel Coronavirus. Battling falsehood and paranoid...

Darkest Before Dawn: Can India Survive Its Worst Ever Recession?

Bolt your doors, batter down your hatches, brace yourselves. Recession is about to make landfall. According to Goldman Sachs, a...

Crisis Of Trust: The Glue Between Brands, Customers And Employees!

The COVID-19 crisis, which shows no sign of stopping any time soon, has left no life untouched in terms of impact. It...

WeWork Valuation: $2.9 Billion, Way Below Than Estimated $47 Billion 6 Month Ago

If you are thinking it is some kind of clickbait, you are highly mistaken. The debate on the valuation of WeWork once...

In-Depth: Dprime

Fantastic 4: Four Day Work Week A Flashpoint Of Innovation?

It has been an idea that has been mooted by many, perhaps also somewhat sceptically. From being a dark horse to becoming...

TikTok Is Facing The Wrath Of People Who Love It The Most

Ever since the popular social media app TikTok entered India, it has been growing very aggressively in terms of users. Within a...

Facebook Shops: Looking Beyond Ad Dollars!

Amid this global pandemic, when companies are struggling to find new verticals to pivot towards in order to maintain their revenue and...

More Articles Like This