The annual Android security report covers a lot of different security topics, many of them obscure or of no concern to the general public. There are a few topics that stand out, however. Among them is the increase in security patch downloads, as well as the impact Google Play's policy enforcement has cut down on malware and harmful applications.
In 2018, security patch downloads skyrocketed by over 84% from the 2017 install numbers. This increase is largely attributed to special OEM agreements the Android team has negotiated. Additionally, in 2018, approximately 0.08% of devices that downloaded and installed apps from Google play unknowingly installed a potentially harmful application (PHA). In contrast, apps that were installed from sources outside of Google Play had a 0.65% PHA rate.
Google Play blocked 1.6 Billion potentially harmful application installations in 2018 alone. That number shows that the Android application landscape is still infested with many harmful applications and malware, but at least Google is doing it's part in limiting the end user impact.
The security report also notes some other important information.
- Strengthened application sandbox and hardened API's for Android developers.
- Introduction of BioMetricPrompt API, Protected Confirmation and "StrongBox"
- Vulnerability rewards program has paid out over $3M.
- Security research competitions cut down on zero day vulnerabilities.
- App security improvement program identifies potential security issues before an app is listed in Google Play.
- Google Play Protect scans over 50 billion apps/day across more than two billion devices.
The security report, of course, sheds an overall positive light on the Android security space. Android still has lots of ground to gain on the likes of Apple when it comes to security but they are making progress.
The full security report is available to download.