Google engineers on Android ecosystem facts and myths

Only less than one percent of Android devices have been found to have a Potentially Harmful App (PHA) installed, according to Google.

SAN FRANCISCO---The Android ecosystem often gets a bad rap for being the mobile operating system most littered with malware.

But how accurate is that assessment anyway?

"There is a certain amount of pessimism in security," admitted Adrian Ludwig, lead engineer for Android Security at Google, at the RSA Conference on Tuesday.

Ludwig decried a number of myths surrounding the definitions of malware and spyware in general. Among these, some of the assumptions floating around include the spread of malware is always increasing, most devices aren't protected, and all malware can compromise them.

Rather, Ludwig retorted almost all Android users actually do have built-in protections on their devices out of the box, mobile malware can be classified and isolated, and mobile malware isn't actually increasing.

Google's goal for keeping Android secure is to take the best platform security tools available - whatever the cost - and then make those services free and available for others to build upon, Ludwig promised.


From the surface, the Android Security Model looks like the basic box diagram of a typical security model. In Android's case, that consists of platform hardening, application isolation, device integrity, and enterprise services (a.k.a. Android for Work).

Android is firmly rooted in openness, Ludwig stressed from thousands of unique devices available, millions of lines of code in Android Open Source, and hundreds of OEMs, ISVs and security solutions encompassed in the ecosystem.

When it comes to security, the strategy still plays out in a variety of manners.

A few of the initial safeguards employed by Google includes verifying apps and the Android Safety Net, which has scanned and verified more than one billion devices over the last year.

Only less than one percent of devices have been found to have a Potentially Harmful App (PHA) installed, according to the Internet giant.

Predictably, increased visibility and usage on Google Play has reduced PHA exposure. The rate of PHA installs dropped by 50 percent in 2014 alone, Ludwig cited. Spyware installs were also found to have decreased 90 percent last year.

There are a few exceptions. Describing these as "regional variations," Ludwig highlighted Russia and China as markets where PHA installs are significantly higher.

"There is not uniformity in what people are encountering," Ludwig said, reiterating findings can vary day by day and region by region.

Install trends also tend to have a characteristic shape by "type," which Ludwig suggested could range from a bad application to a family of apps targeting an asset, such as a bank.

"There is a growth in the prevalence in that kind of harmful app," Ludwig acknowledged, explaining at some points it crosses a threshold and we begin to become aware that is going on.

Ludwig warned, "The risk you're exposed to today is going to be very different from the risk you're exposed to next month."

Slide via Google