author photo
By Bruce Sussman
Mon | Apr 1, 2019 | 8:31 AM PDT

How secure are Android devices?

Google just issued its 2018 Android Security Report, which is focused on what it calls the broadest statistic for measuring device hygiene: how frequently a full-device scan detects Potentially Harmful Applications (PHAs).

Malware rates and the number of PHAs dropped to record low levels even as the number of apps for the Android operating system continues to grow.

"In 2018 only 0.08% of devices that used Google Play exclusively for app downloads were affected by PHAs. In contrast, devices that installed apps from outside of Google Play were affected by PHAs eight times more often. Compared to the previous year, even those devices saw a 15% reduction in malware due to the vigilance of Google Play Protect."

7 reasons Android devices are more secure than ever

At SecureWorld, we know our audience wants to know the why and how behind statistics like these.

What is Google doing to make Android devices more secure, and can I implement any of these strategies within my organization?

Here are a few things spelled out in the Android Security Report:

  1. More Android devices are installing security updates, thanks to OEM and partner agreements. "In the 4th quarter of 2018 we had 84% more devices receiving a security update than in the same quarter the prior year."
  2. With the release of Android 9, security improvements: "We strengthened the application sandbox and hardened the developer APIs."
  3. Paying more in bug bounties: "In 2018 we surpassed $3 million in total reward program payouts."
  4. Android devices were part of security competitions: "The Android Security & Privacy team participated in a number of external vulnerability discovery and disclosure competitions."
  5. Android's App Security Improvements Programs keeps growing: "Before any app is accepted into Google Play, it’s scanned for safety and security issues. To date the program has helped over 300,000 developers remediate over 1,000,000 Play applications."
  6. Google Play Protect has become the most deployed mobile threat protection in the world, and it continues to be improved in these ways: It is now enabled by default; it now warns users if they're downloading a PHA or a rarely downloaded app; and it warns users when they are about to launch a potentially harmful app.
  7. Google works with OEMs to scan pre-installed apps for security and privacy violations: "During its first calendar year [the program] prevented 242 builds with PHAs from entering the ecosystem.

These are seven of the ways Google and Android increased the security of the Android endpoints running on your network, or in your pocket, over the last year.

[RELATED: Be sure to check your local SecureWorld conference agenda  and join your peers in sharing cybersecurity best practices.]