Security and privacy are things Google says it has always taken seriously. The fact the company’s Android platform struggles with security issues is something that irks Google. As part of its fifth annual Android Security & Privacy Year in Review report for 2018, the company says it is doubling down on security. Furthermore, progress is being made in making the Indian Android market more secure.
Google has often said Android as it is sent as a stock ecosystem is secure compared to closed rivals such as iOS. However, the problem is Android is open source and OEMs are free to tweak and change it as they wish. Often this means compromising Google’s out-of-the-box security refinements and causing security and privacy flaws.
Each year, the Android Security & Privacy Year in Review highlights known vulnerabilities and potential threats on the ecosystem. Google always details how it is working to stop such problems occurring.
For example, this year the company says it is marking the upcoming Android Q (version 10) with a focus on security and privacy features. Even so, the company says a huge improvement has already been made, with just 0.08 percent of Android devices affected by potentially harmful applications (PHAs) during last year.
There are a couple of things to consider. Firstly, Google’s data only refers to applications downloaded through its own Google Play Store. There are other avenues for apps, but those are not covered in the report. Also, there are over a billion Android devices in distribution, so 0.08 percent of devices is still 800,000, which is quite a lot of infected handsets.
Indian Progress
India has often been a breeding ground for Android infections. No other market has the level of fragmentation that India does, with many users still on older and largely unsupported Android versions. However, Google says progress has been made in what is now “by far the biggest market” for Android.
The company says Indian devices became 35 percent cleaner in 2018 compared to 2017. Indeed, only 0.65 percent of Android devices in the country were affected by PHAs at any one time, with Indonesia overtaking India with the highest rate of PHAs.
Still, there is more work to be done in India. The most common threat in the market during 2018 was a video app that mines cryptocurrency with the user known. Other common vulnerabilities include trojans and backdoors being pre-installed on new Android smartphones through what Google calls “untrustworthy OTA companies”.
In fact, India leads the way in being the most likely to receive trojan attacks on Android, with 22.4 percent of cases, far more than second-placed Germany (6.5 percent). Around 0.007 percent of all app installs in India and 16 percent of all PHA installs from Google Play were infected by a trojan, Google confirms.
Perhaps highlighting the fact that OEMs are causing insecurity on Android, Google says no security compromises were observed on its own Pixel smartphones in any country during 2018. It is worth remembering the Pixel handsets have a stock Android experience and receive updates on the day of release.
