The overall worldwide rate of Potentially Harmful Applications (PHA) installed on Android devices decreased by nearly 50 percent from early 2014 to later that year, according to the “Android Security State of the Union 2014” report released by Google on Thursday.
PHAs include ransomware and spyware, Adrian Ludwig, lead engineer for Android Security, told SCMagazine.com in a Thursday email correspondence, explaining that numerous factors contributed to the decreased rate of PHA installs throughout the previous year.
“Verify Apps, Google Play, and Safebrowsing are constantly using automation and new data to improve the quality and speed with which they detect potentially harmful behavior,” Ludwig said, adding that, specific to Google Play, less PHAs are making it into the store and being exposed to users.
Furthermore, newer versions of Android have improved the app installation process, Ludwig said, explaining that “newer devices are more resistant to PHAs due to improved application isolation, SELinux, and other security features, and they are also less likely to have a PHA installed to begin with.”
In the end, less than one percent of Android devices had a PHA installed in 2014, according to the report, and 0.15 percent of devices had a PHA installed in the previous year if they only downloaded applications from Google play.
The lengthy report includes various other Android statistics and breakdowns – in 2014, patches were provided for 41 moderate severity vulnerabilities, 30 high severity bugs, and eight low severity flaws, the report indicated, adding that there were no critical vulnerabilities identified last year.
“This information is critical for us as we make data-driven decisions about how to improve the multiple layers of security in the platform itself and in the services Google provides,” Ludwig said. “This data is one reason why, in addition to traditional protections like encryption and application sandboxes, we have broadly deployed automated systems for responding to [PHAs] and other threats.”
Ludwig said that some of the best practices for keeping devices secure include setting a PIN or password, turning on Android device manager, enabling two-factor authentication for Google accounts, encrypting devices, and only installing apps from trusted sources.