Google says that it is getting better than ever at protecting Android users against bad apps and malicious developers.
How many apps did Google remove from its app marketplace after finding they violated Google Play store policies? More than 700,000. That’s an impressive 2000 or so every day, and 70% more than the number of apps removed in 2016.
Furthermore, Google says it is getting better at proactively protecting Android users from the growing menace of mobile malware:
“Not only did we remove more bad apps, we were able to identify and action against them earlier. In fact, 99% of apps with abusive contents were identified and rejected before anyone could install them. This was possible through significant improvements in our ability to detect abuse – such as impersonation, inappropriate content, or malware – through new machine learning models and techniques.”
Furthermore, Google claims it banned more than 100,000 developer accounts controlled by “bad actors” who had attempted to create new accounts and publish yet more malicious apps.
The most common trick used by the malicious apps is impersonation, where they intentionally present themselves as well-known popular legitimate apps in an attempt to achieve a large number of downloads. Google says that it removed more than 250,000 impersonating apps during 2017.
Impersonating apps can’t necessarily be considered as unpleasant as malware, but they are clearly an attempt to generate money by duping users into downloading and installing bogus versions of an app – thereby potentially stealing revenue from the genuine developer, and damaging reputations.
The term that Google uses for what we would most likely call malware is “Potentially Harmful Applications”, or PHA for short.
“PHAs are a type of malware that can harm people or their devices — e.g., apps that conduct SMS fraud, act as trojans, or phishing user’s information. While small in volume, PHAs pose a threat to Android users and we invest heavily in keeping them out of the Play Store.”
Google doesn’t share in its blog post specific figures for how much malware it is preventing from entering the Play Store, and admits that detection is complex. However, the company does say that install rates of PHAs have halved in the last year:
“Finding these bad apps is non-trivial as the malicious developers go the extra mile to make their app look as legitimate as possible, but with the launch of Google Play Protect in 2017, the annual PHA installs rates on Google Play was reduced by 50 percent year over year.”
In media interviews, Google Play product manager Andrew Ahn says that “you have a lower probability of being infected by malware from Play than being hit by lightning.”
That’s a great soundbite. Curiously, Google’s Android security team seems fixated with lightning. In March 2017, Jason Woloz, senior program manager of Android security, claimed that the chances of Android users being hit by ransomware were less than the chances of being “struck by lightning twice in your lifetime.”
Of course, we all know that things aren’t perfect. And Google concludes its article acknowledging that despite its successes, it knows some malicious apps “still manage to evade and trick our layers of defense.”
That’s why I continue to recommend that users take some responsibility for their smartphone security, taking care over the apps they install, and – yes – running an anti-virus solution to reduce the risks.
Despite the reports from Google’s Android security team of impressive improvements, the truth is that bad apps have often been found on the Google Play store, and barely a week goes by without reports of malicious Android apps being discovered and sometimes downloaded thousands of times.
Google has some way to go before it can convincingly claim that it has achieved its aim, to be “the most trusted and safe app store in the world.”
Author Graham Cluley, We Live Security