The Android Security team has just published its year in review of the mobile operating system for 2016. Sifting through the report, major highlights include improvements in dangerous app detection and increased collaboration with partners on monthly patches. Google also shared some of its security plans for the year ahead.
One goal was to reduce the number of Potentially Harmful Apps through improved tracking. Google notes that its Verify Apps service conducted 750 million daily checks in 2016, up from 450 million in 2015.
Inside the Play Store, there were across the board drops with only 0.05 percent of devices that downloaded apps from Google containing a PHA; down from 0.15 percent in 2015:
- Now 0.016 percent of installs, trojans dropped by 51.5 percent compared to 2015
- Now 0.003 percent of installs, hostile downloaders dropped by 54.6 percent compared to 2015
- Now 0.003 percent of installs, backdoors dropped by 30.5 percent compared to 2015
- Now 0.0018 percent of installs, phishing apps dropped by 73.4 percent compared to 2015
Last year also saw an expansion of the monthly security updates program. While 735 million devices from over 200 manufacturers received a security update, half of all Android devices did not.
Moving into 2017, Google is working on streamlining the security update program to make it easier for manufacturers to deploy security patches. Notably, Google wants to reduce the process from over one month to less than one week. Additionally, machine learning and automation will “significantly” reduce PHA rates from Google Play and external sources.
While these security features are available through the independent Google Play Services, newer features like A/B updates can only be achieved through full Android version updates.