A recent security report by Google highlights that less than 1% of all devices had a Potentially Harmful Application (PHA) or malware installed. The report also claims that fewer than 0.15% of devices that download only from Google Play had a PHA installed.
Highlighting the efforts of Google in making the Android platform secure, Google noted in the report, “In 2014, the Android platform made numerous significant improvements in platform security technology, including enabling deployment of full disk encryption, expanding the use of hardware-protected cryptography, and improving the Android application sandbox with an SELinux-based Mandatory Access Control system (MAC). Developers were also provided with improved tools to detect and react to security vulnerabilities, including the nogotofail project and the SecurityProvider.”
In 2014, Google also provided device manufacturers with ongoing support for fixing security vulnerabilities in devices, including development of 79 security patches, and improved the ability to respond to potential vulnerabilities in key areas, such as the updateable WebView in Android 5.0. Today, there are over 1 billion devices protected by Google Play.
Google claims that Google’s security services for Android increased protection for users and improved visibility into attempts to exploit Android. Google said that expanded protection in Verify Apps and Safebrowsing provided insight into platform, network, and browser vulnerabilities affecting Android devices. Exploitation attempts were tracked for multiple vulnerabilities, and the data does not show any evidence of widespread exploitation of Android devices. Google’s security services for Android increased protection for users and improved visibility into attempts to exploit Android.
For developers, Google said that in July 2014, Google Play began to use automated systems to find potential vulnerabilities in applications published in Google Play. Google Play can now provide developers with proactive warnings within the Developer Console and via email about security issues affecting their apps. These include warnings about potentially dangerous storage of credentials, use of out-of-date open source libraries, and other best practices. These warnings help improve the overall state of software security in the mobile ecosystem. To date, over 25,000 applications have been updated and no longer contain the potential security issue.