Google released its Android security report just to let you know that you're not loading up on potentially harmful applications. While the report is partly a marketing vehicle for Android given Apple often touts its security, there are some key takeaways to ponder.
This report is about perception and corralling an ecosystem that's hard to wrangle. Google's Android security report touts a bevy of key figure to illustrate how it's on the case. Consider that more than 90 percent of deployed Google Pixel 2 devices were running a security update from the last 90 days as of December 2017. And due to Google Play's security protections, the annual probability of downloading a potentially harmful application (PHA) was cut 50 percent to .02 percent in 2017.
So, rest assured, Android is secure and more so than ever. The subtext: Take that iPhone and iOS!
But Apple iOS vs. Android security argument is futile (apples vs. oranges, if you will). Apple has a relatively closed ecosystem compared to Android and that -- along with the reality that most users are on the same version of iOS -- mean it's more secure for most people. Google, however, makes it easier to report bugs and get paid for it. Google forked out $1.28 million in its Android Security Rewards program in 2017.
Is Android as secure or more secure than Apple iOS? It depends on the threats you face as well as how much you want to tinker. Google touts the Pixel 2, but the tech buyer will have trouble comparing that security model to Samsung's devices. The real question is what Android device has a security advantage. Google has incorporated security into its enterprise recommended device program. Apple has no such need for these nuances with the enterprise.
Android's security model (think patches from the sky) rhymes with Microsoft's. Google noted that in 2017 it increased the number of Android devices receiving security patches by more than 30 percent. Microsoft has Patch Tuesday and multiple flavors of PCs to protect. Google has more than 60,000 different device models in its ecosystem.
Google Play has given Google more control over security. Like Apple's App Store, one central app distribution point gives Google more security control. Google noted that Android devices that only download apps from Google Play are nine times less likely to get a PHA than devices from other sources. Google Play Protect protects almost two billion devices.
Devices certified by Google's Android Enterprise Recommended
The Android security report is partly aimed at the enterprise. Apple's iOS dominates in the enterprise and Android has to overcome management headaches, security issues, and too many devices to really land CIOs. Google has stepped up its enterprise program and duly noted that fact in its Android security report.
The influx of PHAs now requires daily scanning. Google used to scan devices for PHAs once every six days, but moved to a once-a-day model in 2016. Daily scans led to the identification and removal of 39 million PHAs in 2017. That scale is impressive, but it also highlights how Android is one big target. This scanning can now go offline.
Cloud and machine learning give Google an edge in security. As for the nuts and bolts, Google is relying heavily on machine learning and its cloud platform to find signals and analyze applications.
The report has some interesting metrics worth noting. Data hygiene is one broad metric that could apply across multiple fronts. Google said:
The broadest statistic we use to measure device hygiene is how frequently a routine full-device scan detects PHAs. Since we began to measure device hygiene in late 2014, less than 1% of devices have PHAs installed on average.