Google says that it is getting better than ever at
protecting Android users against bad apps and malicious developers.
In fact, in a recent post on the Android Developers blog,
the company boasts that it removed a record number of malicious apps from the
official Google Play store during 2017.
How many apps did Google remove from its app
marketplace after finding they violated Google Play store policies? More than
700,000. That’s an impressive 2000 or so every day, and 70% more than the
number of apps removed in 2016.
Furthermore, Google says it is getting better at
proactively protecting Android users from the growing menace of mobile malware:
“Not only did we remove more bad apps, we were able
to identify and action against them earlier. In fact, 99% of apps with abusive
contents were identified and rejected before anyone could install them. This
was possible through significant improvements in our ability to detect abuse –
such as impersonation, inappropriate content, or malware – through new machine
learning models and techniques.”
Furthermore, Google claims it banned more than
100,000 developer accounts controlled by “bad actors” who had attempted to
create new accounts and publish yet more malicious apps.
The most common trick used by the malicious apps is
impersonation, where they intentionally present themselves as well-known
popular legitimate apps in an attempt to achieve a large number of downloads.
Google says that it removed more than 250,000 impersonating apps during 2017.
Impersonating apps can’t necessarily be considered
as unpleasant as malware, but they are clearly an attempt to generate money by
duping users into downloading and installing bogus versions of an app – thereby
potentially stealing revenue from the genuine developer, and damaging
reputations.
The term that Google uses for what we would most
likely call malware is “Potentially Harmful Applications”, or PHA for short.
“PHAs are a type of malware that can harm people or
their devices — e.g., apps that conduct SMS fraud, act as trojans, or phishing
user’s information. While small in volume, PHAs pose a threat to Android users
and we invest heavily in keeping them out of the Play Store.”
In its blog post, Google doesn’t share specific
figures for how much malware it is preventing from entering the Play Store, and
admits that detection is complex. However, the company does say that install
rates of PHAs have halved in the last year:
“Finding these bad apps is non-trivial as the
malicious developers go the extra mile to make their app look as legitimate as
possible, but with the launch of Google Play Protect in 2017, the annual PHA
installs rates on Google Play was reduced by 50 percent year over year.”
In media interviews, Google Play product manager
Andrew Ahn says that “you have a lower probability of being infected by malware
from Play than being hit by lightning.”
That’s a great soundbite. Curiously, Google’s
Android security team seems fixated on lightning. In March 2017, Jason Woloz,
senior program manager of Android security, claimed that the chances of Android users being
hit by ransomware were less than the chances of being “struck by lightning
twice in your lifetime.”
Of course, we all know that things aren’t perfect.
And Google concludes its article acknowledging that despite its successes, it
knows some malicious apps “still manage to evade and trick our layers of
defense.”
That’s why I continue to recommend that users take
some responsibility for their smartphone security, taking care over the apps
they install, and – yes – running an anti-virus solution to reduce the risks.
Despite the reports from Google’s Android security
team of impressive improvements, the truth is that bad apps have often been
found on the Google Play store, and barely a week goes by without reports of
malicious Android apps being discovered there, sometimes after they have been downloaded thousands of
times.
Google has some way to go before it can convincingly
claim that it has achieved its aim, to be “the most trusted and safe app store
in the world.”