The Android security team has released its annual security report, which looks at data on Potentially Harmful Apps (PHAs) across Android devices, and explains how the mobiles operating system checks apps for unsafe behaviour, as well as provide statistics on the state of software updates for Android devices.
The report says that more than 735 million devices from 200+ manufacturers received a platform security update in 2016 as Google "released monthly Android security updates throughout the year for devices running Android 4.4.4 and up". However , about half of devices in use at the end of 2016 had not received a platform security update in the previous year. To deal with this, the Android security team said it is working to streamline the update program and make it easier for manufacturers to deploy security patches.
The team revealed that Android's 'Verify Apps' feature conducted 750 million daily checks in 2016, up from 450 million the previous year, enabling it to reduce the PHA installation rate in the top 50 countries for Android usage.
The report also talks about the improvements to security in Nougat, but there's a note of warning in there as well - for devices overall, particularly those that install apps from multiple sources. The percentage of devices with PHAs actually went up in 2016, though the overall number is still very low. According to the team, only 0.71 percent of all Android devices had PHAs installed at the end of 2016, but that number was 0.5 percent in the beginning of 2015.
Although that is a very low percentage, it's worth pointing out that according to the report, there are 1.4 billion Android users so 0.71 percent works out to nearly 10 million devices with potentially harmful applications installed.
What's clear from the report is that it is a really good idea to stick to only installing applications from Google Play. According to the report, the number of PHAs on devices using exclusively Google Play has dropped by a huge percentage from 2015. The number is only 0.05 percent, down from 0.15 percent in 2015, compared to 0.71 percent on devices that go beyond just Google Play. Installs of PHAs from Google Play decreased in nearly every category: trojans are now 0.016 percent of installs, while hostile downloaders, and backdoors each account for just 0.003 percent of installs, and phishing apps are a mere 0.0018 percent, according to the Android security team.
The Android security team added that it thinks it can reduce the number of devices affected by PHAs, no matter where people get their apps. To that end, the team highlighted new security protections in Android Nougat.
"In Nougat, we introduced file-based encryption which enables each user profile on a single device to be encrypted with a unique key. If you have personal and work accounts on the same device, for example, the key from one account can’t unlock data from the other," the report said. Encryption has been enabled on over 80 percent of Android Nougat devices.
There are also new audio and video protections, so even if one media component is compromised, it doesn't have permissions to other components, which helps contain issues. And there are further measures for enterprise users, such as an always-on VPN, among other measures.
You can check out the full Android Security 2016 Year in Review report.