Google: 2017 Android Security Report

Google released the "2017 Android Security Report". This is the fourth time the company has released such a security report, which aims to inform users of the various security protection levels of the Android mobile operating system and the shortcomings of the system. The highlight of this report is that 60.3% of Potentially Harmful Apps (PHAs) are detected by machine learning technology.

The detection of these potentially malicious apps is done by a service called Google Play Protect, which has been pre-installed on more than 2 billion Android devices running Android 4.3 and above, and will continue to scan and detect apps with malicious behavior. Google Play Protect uses a variety of strategies to ensure the data security of Android phone users, and the addition of machine learning technology has taken its ability to detect potentially malicious apps to a higher level.

Both automatic and manual scanning

Earlier this year, Google said that more than 700,000 apps were removed from the Google Play Store in 2017 for violating its rules, a 70% increase from the previous year. Google attributed this achievement to the successful application of machine learning technology to detect apps with abusive behavior, plagiarism, and inappropriate content.

But no more details were released last time. Now, in this latest security report, Google said that 60% of potentially malicious applications were detected by machine learning technology. The company's security team also said: "We expect this ratio to become higher in the future."

Google wrote in its security report that the Play Protect mechanism automatically scanned more than 50 billion mobile apps in 2017, and ultimately found and removed nearly 39 billion Android mobile apps. Play Protect automatically scans Android phones at least once a day, and users can scan manually if they wish.

Until recently, Play Protect required the device to be connected to the internet for detection. Because Google found that 35% of new potential malware installations occurred when the device was offline or lost network connection, Google developed new features to solve this problem. In October 2017, Play Protect launched the offline scanning feature, and since then, the protection mechanism has blocked more than 10 million potentially malicious app installations.

Google Play Store vs. Third-Party App Stores

Android devices generally come with Google's official app store, Google Play Store, when they leave the factory. Android users in most countries get apps from this platform. However, in some countries, third-party app stores have become the only option for Android users to download and install apps, or sometimes users will directly share apps they downloaded from other sources. Google said in a security report that Android devices that only download and install apps from the Play Store are 9 times less likely to encounter potentially malicious apps than Android devices that often get apps from other sources.

In 2017, 0.56% of Android devices with Play Protect installed detected potentially malicious apps, while the rate was 0.77% in 2016. In addition, in 2017, the probability of Android users downloading potentially malicious apps on the Play Store was 0.02%, a decrease of 0.02% from 2016.

Play Protect can remove potentially malicious apps from the Play Store at any time, but it obviously cannot do the same for third-party app stores. For apps downloaded from other sources, Play Protect can only warn Android users that it is a potentially malicious app, and if it detects a ransomware app or a malicious app that could steal your bank account, Play Protect will block its installation.

In 2017, Google blocked 74% of potentially malicious app installations by issuing warnings, compared to 55% in 2016. Google did not disclose specific data for the remaining 26% of potentially malicious app installations that either ignored warnings or were not confirmed as malicious before installation.

Since the Play Protect mechanism does not only detect apps from the Play Store, but also apps from other sources, it should be renamed Android Protect. The report also mentioned the awards given by the Android Vulnerability Collection Project, where Google awarded a total of $2.9 million to 274 security researchers who discovered Android vulnerabilities in 2017. The vulnerability collection project is a good supplement to Google's internal security team, which encourages individual and group hackers to submit their discovered Android vulnerabilities to Google instead of using them maliciously.

The PDF version will be shared to the 199IT exchange group. 199IT thanks you for your support!