Under one percent of Android devices affected by potentially harmful applications

Devices configured for the Russian or Chinese languages had higher rates of infection

Based on data collected by Google, less than one percent of Android devices had a potentially harmful application installed last year. This includes devices on which users have installed applications from outside the official Google Play store.

The data was collected through a feature called Verify Apps that was first introduced in Android 4.2 back in 2012. The feature, which was also backported to Android 2.3 and higher in 2013, checks locally installed applications for potentially harmful behavior regardless of whether they were downloaded from Google Play or other sources.

Verify Apps initially scanned applications only at installation time, but since March 2014 it also performs background scans, so it can later detect malicious applications that weren't flagged when they were initially installed.

It can detect threats that fall into several categories: Generic PHA (potentially harmful application), Phishing, Rooting Malicious, Ransomware, Rooting, SMS Fraud, Backdoor, Spyware, Trojan, Harmful Site, Windows Threat, NonAndroid Threat, WAP Fraud and Call Fraud.

According to Google's data, the number of devices scanned by Verify Apps has increased steadily since the feature was first introduced, reaching over 200 million devices per day in November 2014.

Prior to October 2014, Verify Apps did not differentiate between devices that only installed apps from Google Play and devices with the "unknown sources" security setting enabled, which allow apps to also be installed from third-party apps stores and other sources, an action commonly known as sideloading.

Sideloading is believed to increase the risk of malware infection for Android devices. Unlike third-party app stores, Google Play has automated mechanisms in place to scan and detect potentially harmful apps uploaded by developers, so it's viewed as safer, even though some malicious applications do sometime make their way into the official store.

"During October 2014, the lowest level of device hygiene was 99.5% and the highest level was 99.65%, so less than 0.5% of devices had a PHA installed (excluding non-malicious Rooting apps)," Google said in a report released Thursday.

On Android, rooting is the process of gaining access to the highest privileged account on the system, called root. This is used by power users to enable advanced functionality that's normally restricted by default, or can be used by malware to escape the Android application sandbox and read data from other apps. So, rooting tools can be both non-malicious and malicious -- usually in the form of exploits.

Devices that have been rooted, intentionally or otherwise, are believed to be at higher risk so Android's Verify Apps scanner can detect both types of rooting apps.

In October, approximately 0.25% of devices had a non-malicious Rooting application installed, Google said.

Some general statistics in Google's report are based on data collected between November 2013 and November 2014, but those that break down data between devices with Google Play-only apps and those with sideloaded apps only cover a two-week period -- mid-October to Nov. 1.

During those two weeks, potentially harmful applications (excluding non-malicious rooting applications) were detected on 0.7 percent of devices with sideloaded apps and on under 0.1 percent of devices that only had apps from Google Play installed.

Verify Apps doesn't track the physical location of devices, but tracks the language (locale) configured on them. While the locale is not an accurate indication of device location, Google found that locale data generally reflected the expected Android user population across different countries, so it was used to draw some conclusions.

For example, devices with the Russian locale that allowed sideloading were more likely to have a potentially harmful application installed than devices with other locales. Between 3 and 4 percent of Russian devices had a PHA installed, Google said.

Their infection rate was considerably higher than that of devices with any other locale, including Chinese, whose rate was 0.8 percent. That's surprising given that Google Play is not available in China so most devices in the country are configured for sideloading.

Meanwhile, only 0.4 percent of devices that allowed sideloading and were configured with the US English locale had a PHA installed, 0.2 percent under the worldwide average, Google said.

When rooting apps were also taken into account, devices with Chinese locale jumped to the top, with a rate of around 8 percent.

"Chinese devices which install apps from outside of Google Play are more likely to have a non-malicious Rooting application than any other region or type of PHA," Google said. "In fact, there are numerous applications from major Chinese corporations that include rooting exploits to provide functionality that is not provided by the Android API. Some of these Rooting applications explicitly describe that they will use an exploit to root the device, but there are some applications which do not describe this functionality to users."

If we exclude Russia, the worldwide rate of PHA installations from outside Google Play has decreased by almost half between the first quarter and the second quarter of 2014, Google said.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Googlesecuritymobile securityspywaremalware

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?