Google Says Trojan Comprises Over 50% of Harmful App Installs on Android [REPORT]

Must Read

WhatsApp Might Lose 60 Million Indian Users Post Updated Policy Changes, New Survey Reveals!

The Facebook-owned instant messaging platform’s decision to update their privacy and terms of service brought about a...

Uber and Ola In Hot Water: India Authorities Launch Fresh Probe!

The Directorate General of Goods and Services Tax Intelligence (DGGI) sent a summons to Uber and Ola...

Happy B’Day Gordon Moore: One Of The Founding Fathers Of Silicon Valley

Gordon Earle Moore co-founded the paramount Intel Corporation (NASDAQ: INTC) with Robert Noyce in July 1968, which is worth $204.16...

Security on Google’s hugely popular Android operating system has been a bit of an anathema for a long time. The perception has been that Android is particularly susceptible to virus, malware and other harmful software. This has been the sticking point for many users in the ongoing battle for smartphone OS supremacy between Android and iOS. However, if we go by recent reports, it would seem that security on Android is turning a corner. The third annual Annual Security Year in Review report recently released by Google outlines the progress the tech giant has made in their quest to secure Android devices. For the most part, the report showcases a positive in Android security and outlines further plans for the future.

The Google Play Store Is More Secure Than Ever

The good news for all Android users out there is that if you get your apps from the Google Play Store, the chances of infection by Potentially Harmful Apps (PHAs) are lower than ever. Installs of PHAs from the Google Play Store were down across the board. Installs of Trojans went down by 51.5% to a mere 0.016 of installs compared to 2015. During the same time frame hostile downloaders fell down by 54.6% to 0.003 of all installs, backdoors dropped by 30.5% to 0.003% of all installs. Lastly, phishing apps went down by a massive 73.4% to 0.0018% of total installs.

As of Q4 2016, only 0.05% of devices that exclusively used the Play Store for app installs were affected by PHAs. In comparison, that number stands much higher at 0.71% for all Android devices.


Third-Party App Stores and Sideloading Leave Android Vulnerable

While Google’s own Play Store may be getting more secure, Android is still as vulnerable as ever when installing apps from third party app stores or sideloading. In fact, the report notes an increase in the total percentage of devices with PHAs in 2016. The number of these devices went up from 0.5% of total devices in 2015 to 0.71% by the end of 2016. This represents an increase in PHA infected devices by 42%. A 2016 report by Cheetah Mobile Security noted a direct correlation between an increase in the number of infected devices in markets characterised by extensive use of third-party app stores.

Another report by McAfee Labs scanned 150 million apps on third-party stores. They found over 9 million suspicious apps and nearly 37 million counts of detected malware over a period of 6 months.

Trojan Emerged as Main Culprit

Despite the lowering install rate of PHA in 2016, compared to the previous year, Android users are still more vulnerable to harmful attacks. While these PHAs are developed for various security breaches, Trojan comprises the largest share of PHA installs, both on Google Play and outside of Google Play.

More than 50% of PHAs fall under Trojan category on and off Google Play. These PHAs allow hackers to take control of the device and perform any task these trojan malwares are designed for without device users’ consent.


How Google Improved Android Security In 2016

The report by Google also detailed some of the measure taken by Google to patch up Android Security:

  • Google are streamlining their security update program to make patch deployment easier. The ease of A/B updates will also reduce the occurrence of bricked or inactive device issues after updating.
  • They expanded on their monthly security updates program to help accelerate the discovery and patching of security vulnerabilities.
  • The use of machine learning and statistical analysis to automate and speed up PHA detection.
  • Enhanced Safe Browsing features, along with APIs such as SafetyNet Attest to enable third party developers to implement Safe Browing features in their own applications.
  • The implementation of Verify Apps to block harmful secondary installations. According to Google, Verify Apps blocks 0.4-1.2% of all secondary install attempts on a daily basis. Verify Apps scans nearly 400 million devices per day now.
  • Google paid nearly $1 million to researchers to identify vulnerabilities in the Android platform.

The Inconsistency Of OEM Update Patterns Is Still An Issue

In recent years Google has made significant improvements in the quality and frequency of their security updates for Android. It started with the launch of the monthly security updates program in 2015. Under this program, Google’s own Nexus devices would be privy to monthly security updates. Google report that they have released Android security updates for Android 4.4.4 (86.3% of devices worldwide) and up every month of the year in 2016. The problem lies in Google’s inability to get OEMs to comply with a similarly consistent update schedule. Roughly 50% of devices had not received a security update in 2016 despite 735 million devices from numerous OEMs having received at least one platform update.


  • The Google Play Store considerably more secure, with instances of PHAs down across the board.
  • Third party app stores and sideloading apps are one of the biggest sources for PHAs on the Android platform.
  • Verify Apps and its aggressive implementation can help curb instances of PHAs.
  • Roughly 50% of Android devices did not receive a single security update in 2016.


Please enter your comment!
Please enter your name here

Latest News

Snapchat Spotlight: A New Way for Creators to Earn Money

Short-form video applications have increased overwhelmingly in popularity in recent times. The surge in this format of...

COVID-19 Unemployment Leading To Ageing Indian Workforce, CMIE Reports

The latest data shared by the CMIE aka Centre for Monitoring Indian Economy has highlighted a huge red flag.

The Slip-Ups Keep On Coming: WhatsApp Web Users’ Mobile Data Leaked On Google

As the developments have unfolded over the past week, the clock for WhatsApp seems to be ticking with every passing minute and...

Trump Administration Has Landed Its Final Blow On Chinese Companies: Xiaomi Blacklisted!

In its recent move to safeguard national security, the United States’ Trump Administration has decided to go after China’s second-biggest smartphone marker...

Huawei Is Gunning For Acquiring A Fifth Of Android’s Userbase With Its Own HarmonyOS!

After Google’s ban on Huawei in 2019, the Chinese-origin tech company is all set to roll out HarmonyOS later in 2021 as...

Battle Lines Are Drawn: Qualcomm’s Latest Acquisition to Challenge Apple, Intel

The quest to gain supremacy creates a butterfly effect for sure. With the challengers and the champion pulling out all stops to...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This