Now in its fourth edition, Google today published the 2017 Year in Review of Android Security. The in-depth report highlights last year’s launch of Play Protect, as well as platform-level changes as a result of Android Oreo.
We’ve compiled some interesting highlights from the report below, with the full document available here.
Google touts Play Protect as one of the main advancements in Android security last year as it assures users that “protections are constantly working to keep them safe” through its central placement in the Updates tab of the Play Store.
Features include Find My Device, Safe Browsing, and Developer APIs, but the “core objective” is to defend against Potentially Harmful Apps (PHAs) through daily scans that removed 39 million PHAs last year. Play Protect has added several new features since launch, like offline scanning in October, given that 35% of new malicious installations occurred when a device was offline.
In November, it was updated with the ability to automatically disable certain kinds of PHAs, so that users could re-enable them without losing data in case they did not want to delete an offending app.
With Play Protect available on over 2 billion devices running Android 4.3 and above, Play Protect is the “most widely deployed mobile threat protection service in the world.”
On the Play Store, the annual probability of downloading a PHA is down from .04% in 2016 to .02%, which Google comically mentions is less than the odds of an asteroid hitting the Earth. This is thanks to measures like expanded use of machine learning to analyze harmful behavior signals. These ML models successfully detected 60.3% of PHAs identified by Play Protect last year.
“To better correlate PHAs, we also started designing and implementing new models based on deep neural networks. These models can take multiple signals as inputs and combine all weighted signals together to interpret the statistical interactions captured to identify the likelihood of an app being a PHA. In 2017, we created models for some major PHA categories and in 2018 we’re continuing this work.”
Meanwhile, Android security patches came to 30% more devices compared to 2016. Google notes that “no critical security vulnerabilities affecting the Android platform were publicly disclosed without an update or mitigation available for Android devices.”
“the majority of the deployed devices for over 200 different Android models from over 30 Android device manufacturers are running a security update from the last 90 days.”
On the platform front, Google cites the release of Android Oreo and how Project Treble includes “important architectural changes that has a large, positive impact on security.” Other changes in this vein include Verified Boot 2.0 and support for tamper-resistant hardware.
Treble separates device-specific software written by chip makers from the Android framework, thus allowing for easier version updates and faster security patches. These efforts to modularize Android also mean that hardware abstraction layers (HALs) from vendors get sandboxed with fewer privileges overall.
Interestingly, Google notes that before fingerprint scanners, less than half of devices had a lockscreen. In 2017, 85% of devices with a fingerprint sensor running Android 8.0 had secure lockscreens.