Google security diagram

About 99.88 percent of side loaded Android apps found to be malware-free

Speaking at the VirusBulletin 2013 conference in Berlin yesterday, Google's Android security chief Adrian Ludwig broke down a whole lot of numbers — and a whole lot of popular Internet FUD — about the malware situation on Android. As expected, he spoke highly of the security model and methods Google uses to keep malware away from your Android, including comparing things like his department and the Bouncer to the CDC.

The CDC knows that it’s not realistic to try to eradicate all disease. Rather, it monitors disease with scientific rigor, providing preventative guidance and effective responses to harmful outbreaks.

Talking up your team is to be expected, but it's the numbers he has that we're interested in. Google has not had much to say about the malware complaints, because they haven't had the data needed to talk about them until now. This is a stark contrast to third-party security vendors researchers, who haven't let this stop them. Here's some data to chew on:

  • In a 1 million sample sized collected of apps installed outside of Google Play (side loaded), just 1,200 were classified as malware.
  • About 15 percent were purposefully installed commercial spyware apps
  • 40 percent were "root" apps that users chose to install on rooted phones
  • 40 percent make premium calls or texts and charge the user's account
  • The remaining 6 or so percent were random malicious apps

Ludwig says the numbers are a direct result of the "verify apps" portion of the Android security model, and that users are beginning to pay better attention and discard suspicious software. We're just glad to finally see some data that's more than the "Over 9,000!" usually thrown about when the words Android and malware can make a great headline. Data nerds, as well as folks interested in security and Android on the technical side should have a look at the source below.

Source: Quartz; Via: +Adrian Ludwig

 

Reader comments

Android security chief breaks down real malware data

62 Comments

My data is all the fake apps claiming to be something they are not. Don't have to really try and find them either.

I'm not trolling just calling it like I see it. Sorry if that touched a nerve with a fanboi or two. :-)

I don't know maybe, if your used to the play store because you use android and nothing else, you would feel differently.

Example : when bbm was "supposed" to launch the play store was flooded with close to 100 fakes within a few hours. If you don't think that's a problem then your crazy.

Sent from my Motorola side view pager 4-5683-968

Ultimately it is the user that should know what they are installing, but yeah there's no way that all those fake apps should have been able to make it to the store.

And this is the reason why people think Iphone users are dumbed. It never crossed my mind that those apps were related to bbm. I guess some people need more help than others.

Just be diligent in what you decide to download and use. Android may not be the most secure platform out there but at least don't be the person that clicks those "You're the 1000th visitor!" links everytime. I've run into malware for let's say "unpaid" apps. If you just go through the Play Store, it's not guaranteed but it lowers the chance you'll get malware.

But my personal decision is not to run any banking apps on my Android system.

Yeah, I know my comment was a little off topic but I wanted to say it as a more general advice kind of thing that can be applied to any platform.
But if there's anything else wrong, feel free to correct me.

It's funny to me when speak on an area where a platform can grow your automatically a troll!?

I see the same thing over at CrackBerry. If the play store can do better than it should. I know I know "if you do a little homework before you download then you should be good" problem is many people don't and the number of downloads these apps get along with the confusion in the ratings is proof of that.

But I'm just a troll though.... Just trolling for shits and giggles.

Sent from my Motorola side view pager 4-5683-968

People look at your username, the fact that you constantly talk about BlackBerry (at Android Central), and automatically think "Troll!"

You blindly called the Play Store a cesspool. I guess, I can say the same, about Blackberry's App World, since there's one developer with over 40,000 apps, or close to 50% of Blackberry's app count.

Yes, we know that, on the supposed launch date for BBM, fakes kept popping up in the Play Store. But, don't sit here and pretend that was the reason why it didn't launch.

No app store is perfect. But, at least, with Google's Play Store, developers are not waiting weeks for approval from Apple, and you have a bigger target audience than BlackBerry and Windows.

Disclaimer: I'm not calling you a troll, I just love to debate.

So, basically you prefer an app within few hours from the moment developer submitted it instead of waiting few days to get a bit more confidence that app does not wipe your smartphone? It's great when everyone has a choice :)

Lol, like I said, I know what apps I use, and I know not to download random games, wallpapers, and such from the Play Store. Most of the apps that I download have already been screened by several other users. I also have Lookout installed, to scan apps, as soon as they're downloaded.

Posted via Android Central App

I'd love to see an example of a malware app on the Play Store. Please, show me one.

Posted from my pure Google Nexus 4 using the AC app.

Please try to remove your feelings from the discussion. I am a troll though I use and love an HTC One daily.

I just call it like I see it. I do the same for BlackBerry too.

I'm not emotionally attached to any one platform. They all have their pros and cons.

Imo Google and BlackBerry both have an app problem. Is that better?

All platforms have room for improvement. They can always get better and they will. I think Google can improve the store. Apparently you don't mind at all and that's cool.

I'm not going to call you a fanboi because of your opinion... Your entitled to it. You can continue to call me a troll though. This is usually the first insult that comes from fanbois when someone dares to speak about areas in which the platform can grow. Not saying that you are a fanboi. I don't know you well enough to make that assumption.

Sent from my Motorola side view pager 4-5683-968

See? I didn't call you a troll; if you had bothered to look at my disclaimer, you would have seen that.

You're telling me to remove my emotions from this discussion, when in fact, there are no emotions. If anything, you're offended that you've been called a troll, by OTHERS.

You're entitled to your opinion, as am I.

Of course, the Play Store could use an improvement in its app approval process. I even admitted that, on the day that BBM was supposed to launch. It's not perfect, but, I prefer Google's offerings over Blackberry's. Does my preference make me a fanboy? So be it.

Posted via Android Central App

I think if you would have stated, "The play store still needs work on filtering Fake apps" instead of "Play store is still a cesspool tho" people might have taken your comment as actual constructive criticism instead of trolling

Only andriod lovers can call other operating systems bad names. If you call it like it is your a troll here. By the way the play store is a cesspool.

Posted via Android Central App

Not really trolling you just have to understand the ecosystems. Apples is closed so you can't submit any kind of app and googles is open so you ultimately can submit anything. Is it better? In some ways yes but in other ways like your example it isn't but its one of those things where you take the good with the bad. The problem is this isn't anything new and you pointing it out is part of a much larger debate that has been on going since early versions of android.

To be fair to the other people your comment wasn't on topic and people probably are tired of having to explain exactly how the system works. Google has stated and continues to be pretty consistent about their app store being open to anyone and that's the way it is.

Posted via Android Central App

Jerry, I think a statement like this would make your article more clear to readers.

"Google’s Android Security chief Adrian Ludwig reported data showing that less than an estimated 0.001% of app installations on Android are able to evade the system’s multi-layered defenses and cause harm to users."

That's sounds great, fact remains that Google is the worst at policing it's store and I for one would like to see them improve.

I'd like to see them clean things up and make it much harder for these "devs" to plague the store with garbage so easily. Sorry if you feel that has nothing to do with the the above but I disagree.

Sent from my Motorola side view pager 4-5683-968

I agree, I want to see Google improve its app store, as well. We can all agree, that something will have to change, in the future, to entice more developers and get more high quality apps in the Play Store, while at the same time, getting rid of the junk.

Posted via Android Central App

I've only ever side-loaded aDownloader (from their website) and TubeMate (from the slideMe app store). All of the other apps that I use, are downloaded from the Play Store.

I guess, this article doesn't really apply to me, though. I'm not an app junky, but I know when an app looks suspicious. It's called common sense, I think.

Posted via Android Central App

Every comment has a smart ass tone to it lol. I'm not trying to hurt any feelings here, I just speaking on an area were I think Google can do better and if you are OK with the state of the store then that's that's cool. I'm not going to get upset about that because I think it's OK for folks to have opinions :-)

Sent from my Motorola side view pager 4-5683-968

Hi Jerry. If you can - could you please explain to average users (like me) what this means for us, on the podcast tonight. Many thanks.

Awesome A C

:)) it's not a conspiracy, just a slight exaggeration. Also, Play Store is the only store I know where you can actually find a malware :)

Any malware that I have ever gotten was more of adware then anything. it was annoying stuff i installed myself that i thought was going to be better then what it actually was.

I don't like to bash apple, as they have great products, but their latest iOS7 is very slugish and buggy. I'm glad I am back on android, even with its problems. My poor friend upgraded to iOS7 and has a hard time with his iPhone.

Agree. A friend of mine owns an iPhone. After the upgrade to iOS7 it keeps deleting all his contacts. So he's definitely switching to android any time soon.

I went to a website once on my phone and it said my phone had malware on it and told me to download the fix.

Obviously fake, I downloaded it anyway just to see what it was (cuz I don't believe in android viruses), and it was a legitimate store with legitimate apps... Just a sketchy way of advertising.

Posted via Android Central App

hey we all love our devices... I love android, dislike Microsoft, would pee on apple... so far, I'm still happy with my tablet.
By the way your signature takes me back to the days I was young and dating.

Gueneal just said he would pee on apple, I bet you guys found that cool. But do not call the playstore a cesspool or you r gonna get it. Stupid!!!!

Posted via Android Central App