“Android security” is often portrayed as oxymoronic. It seems there are daily headlines about the latest threat, whether it be malware like Stagefright or a bank-account stealing trojan.
Google wants to change the narrative. The company unveiled its second-annual Android Security Report Tuesday, and argued that a comprehensive picture of the data tells a different story: Android is largely safe, as Google and its partners aggressively monitor applications and the ecosystem as a whole with several different security protocols.
Adrian Ludwig, the lead engineer for Android security, offered a few key takeaways to illustrate some of the work being done:
- Google checks six billion installed apps daily for malware (Potentially Harmful Apps in Google’s parlance).
- A total of 400 million devices per day are scanned for network-based and on-device threats.
- Among devices that only get their apps from Google Play, less than .15 percent had a potentially harmful app.
The full 2015 annual report is 48 pages, which you can read here. Looking forward, Ludwig said Google will nudge Android manufacturers to follow the new monthly update security updates that roll out to Nexus devices (and a few other expensive, high-end phones). Some are following it more closely than others, and more involvement would ensure you get the latest patches without the need to wait for a new version of Android. This remains critical, given that just under five percent of active devices are running Marshmallow.
The story behind the story: One of the biggest knocks against Android has been that it’s insecure in comparison to the tightly-controlled iOS. The nature of Android makes it impossible for Google to reign things in completely, but the report indicates there’s a lot of work being done to do battle against security threats. Google needs Android to be secure not just for consumers, but for any businesses that might consider a deployment of Android devices to employees. No one wants to be constantly battling malware when they’re trying to get work done.