Google security diagram

Speaking at the VirusBulletin 2013 conference in Berlin yesterday, Google's Android security chief Adrian Ludwig broke down a whole lot of numbers — and a whole lot of popular Internet FUD — about the malware situation on Android. As expected, he spoke highly of the security model and methods Google uses to keep malware away from your Android, including comparing things like his department and the Bouncer to the CDC.

The CDC knows that it’s not realistic to try to eradicate all disease. Rather, it monitors disease with scientific rigor, providing preventative guidance and effective responses to harmful outbreaks.

Talking up your team is to be expected, but it's the numbers he has that we're interested in. Google has not had much to say about the malware complaints, because they haven't had the data needed to talk about them until now. This is a stark contrast to third-party security vendors and researchers, who haven't let this stop them. Here's some data to chew on:

  • In a collected sample of 1 million apps installed outside of Google Play (sideloaded), just 1,200 were classified as malware.
  • About 15 percent were purposefully installed commercial spyware apps
  • 40 percent were "root" apps that users chose to install on rooted phones
  • 40 percent make premium calls or texts and charge the user's account
  • The remaining 6 or so percent were random malicious apps

Ludwig says the numbers are a direct result of the "verify apps" portion of the Android security model, and that users are beginning to pay better attention and discard suspicious software. We're just glad to finally see some data that's more than the "Over 9,000!" usually thrown about whenever the words Android and malware can make a great headline. Data nerds, as well as folks interested in security and Android on the technical side, should have a look at the source below.

Source: Quartz; Via: +Adrian Ludwig