Despite Google's efforts to protect customers from malicious applications, many Android users may remain vulnerable because their software isn't unsupported by patches, according to Google's second annual Android Security 2015 Annual Report.
The company said that only about 71 percent of active Android users are running on Android 4.4.4 and higher, the only versions that Google supports with security updates.
“Android has really been stepping up its game in the last few releases with respect to security,” Tripwire security researcher Craig Young told SCMagazine.com via emailed comments.
“Unfortunately Android's platform dashboard shows that there are more devices running completely unsupported software than there are devices running with the two latest (5.1 and 6.0) releases,” he said.
Young said that monthly security updates, on-device app scanning, and migrating WebView updates to the Play Store all contributed to making devices more secure but only if they are running current software.
That last bit presents a big problem for Android, he said, because patching the bug in the Android's ecosystem will likely require handset manufacturers to follow additional rules if they wish to ship devices with Google's proprietary apps, including Gmail, Maps, and Play Store.
In order to protect all Android users from potentially malicious apps, the tech giant checks six billion installed applications per day and scans 400 million devices per day to protect users from network-based and on device threats, according the report.
In addition, Google said that its safe browsing protects hundreds of millions of Chrome users on Android from malicious websites.
Compared to last year, Google has made it more difficult for what it calls "Potentially Harmful Applications" to make it into the Play Store and has decreased the percentage of data collection applications, which copy lists of package names off of devices, by 40 percent.
The company also said it has also decreased the percentage of spyware applications by 60 percent and the percentage of hostile downloaders by 50 percent.