Google Says Trojan Comprises Over 50% of Harmful App Installs on Android [REPORT]

Must Read

Facebook Reveals Big Plans Behind The WhatsApp JioMart Integration In India

After Facebook Inc. (NASDAQ:FB) acquired a minority stake of 9.99% in Jio Platforms for a whopping $5.7 billion in...

Can CBD Gummies Be Beneficial For College Students?

College students often feel more pressure than they have ever—or will ever—feel in their entire lives. Many...

Facebook Launches Music Videos to Eat into YouTube’s Market

With the launch of Music Videos, Facebook has made another competitive move against its biggest opponent, Google.

Security on Google’s hugely popular Android operating system has been a bit of an anathema for a long time. The perception has been that Android is particularly susceptible to virus, malware and other harmful software. This has been the sticking point for many users in the ongoing battle for smartphone OS supremacy between Android and iOS. However, if we go by recent reports, it would seem that security on Android is turning a corner. The third annual Annual Security Year in Review report recently released by Google outlines the progress the tech giant has made in their quest to secure Android devices. For the most part, the report showcases a positive in Android security and outlines further plans for the future.

The Google Play Store Is More Secure Than Ever

The good news for all Android users out there is that if you get your apps from the Google Play Store, the chances of infection by Potentially Harmful Apps (PHAs) are lower than ever. Installs of PHAs from the Google Play Store were down across the board. Installs of Trojans went down by 51.5% to a mere 0.016 of installs compared to 2015. During the same time frame hostile downloaders fell down by 54.6% to 0.003 of all installs, backdoors dropped by 30.5% to 0.003% of all installs. Lastly, phishing apps went down by a massive 73.4% to 0.0018% of total installs.

As of Q4 2016, only 0.05% of devices that exclusively used the Play Store for app installs were affected by PHAs. In comparison, that number stands much higher at 0.71% for all Android devices.


Third-Party App Stores and Sideloading Leave Android Vulnerable

While Google’s own Play Store may be getting more secure, Android is still as vulnerable as ever when installing apps from third party app stores or sideloading. In fact, the report notes an increase in the total percentage of devices with PHAs in 2016. The number of these devices went up from 0.5% of total devices in 2015 to 0.71% by the end of 2016. This represents an increase in PHA infected devices by 42%. A 2016 report by Cheetah Mobile Security noted a direct correlation between an increase in the number of infected devices in markets characterised by extensive use of third-party app stores.

Another report by McAfee Labs scanned 150 million apps on third-party stores. They found over 9 million suspicious apps and nearly 37 million counts of detected malware over a period of 6 months.

Trojan Emerged as Main Culprit

Despite the lowering install rate of PHA in 2016, compared to the previous year, Android users are still more vulnerable to harmful attacks. While these PHAs are developed for various security breaches, Trojan comprises the largest share of PHA installs, both on Google Play and outside of Google Play.

More than 50% of PHAs fall under Trojan category on and off Google Play. These PHAs allow hackers to take control of the device and perform any task these trojan malwares are designed for without device users’ consent.


How Google Improved Android Security In 2016

The report by Google also detailed some of the measure taken by Google to patch up Android Security:

  • Google are streamlining their security update program to make patch deployment easier. The ease of A/B updates will also reduce the occurrence of bricked or inactive device issues after updating.
  • They expanded on their monthly security updates program to help accelerate the discovery and patching of security vulnerabilities.
  • The use of machine learning and statistical analysis to automate and speed up PHA detection.
  • Enhanced Safe Browsing features, along with APIs such as SafetyNet Attest to enable third party developers to implement Safe Browing features in their own applications.
  • The implementation of Verify Apps to block harmful secondary installations. According to Google, Verify Apps blocks 0.4-1.2% of all secondary install attempts on a daily basis. Verify Apps scans nearly 400 million devices per day now.
  • Google paid nearly $1 million to researchers to identify vulnerabilities in the Android platform.

The Inconsistency Of OEM Update Patterns Is Still An Issue

In recent years Google has made significant improvements in the quality and frequency of their security updates for Android. It started with the launch of the monthly security updates program in 2015. Under this program, Google’s own Nexus devices would be privy to monthly security updates. Google report that they have released Android security updates for Android 4.4.4 (86.3% of devices worldwide) and up every month of the year in 2016. The problem lies in Google’s inability to get OEMs to comply with a similarly consistent update schedule. Roughly 50% of devices had not received a security update in 2016 despite 735 million devices from numerous OEMs having received at least one platform update.


  • The Google Play Store considerably more secure, with instances of PHAs down across the board.
  • Third party app stores and sideloading apps are one of the biggest sources for PHAs on the Android platform.
  • Verify Apps and its aggressive implementation can help curb instances of PHAs.
  • Roughly 50% of Android devices did not receive a single security update in 2016.


Please enter your comment!
Please enter your name here

Latest News

After Facebook, Now Twitter is Caught Abusing Phone Number For Ads

Thanatophobia, or fear of death, is a relatively complicated phobia. Similarly, fear of losing your digital accounts to...

Warren Buffett’s Stake In Apple Is Worth More Than Combined Valuation of All Startup Unicorns in India

The Oracle of Omaha has got an eye for a good bet and it's proven time and again. Once a popular critic...

Microsoft Aims Global Acquisition Of TikTok, Including India!

It seems like TikTok can finally shed its Chinese origin from all over the world. It has recently...

Will Google’s Move To Delete 2,500 YouTube Channels Add Fuel To The Fire With China?

The US-China trade war has started rearing its ugly head. Both sides are now turning to extreme measures on the digital front...

Will You Buy iPhone 12 Pro At US$20,500?

if you are suspecting any typo error here, you are highly mistaken! The price of iPhone 12 Pro is US$ 20,500 now...

Google Is Shutting Down Google Play Music

Google Play Music will soon be buried in Google's graveyard. The company has announced that by December the service will be completely...

In-Depth: Dprime

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

Fantastic 4: Four Day Work Week A Flashpoint Of Innovation?

It has been an idea that has been mooted by many, perhaps also somewhat sceptically. From being a dark horse to becoming...

More Articles Like This