With a platform as massive and amazingly varied as Android, security is of utmost importance. Google works tirelessly to keep Android and Google Play a safe as possible, and in the first quarter of the year it releases an annual report on how it did — today, we get to see how Android security stood throughout 2017.
The big improvement to Android security in 2017 was the launch of Google Play Protect, which is a system for scanning apps on every Android phone that has Google Play. It scans at least once a day, which comes out to roughly 50 billion apps, and identifies what Google calls "Potentially Harmful Apps" (aka PHAs) in the process.
Google says it found and removed 39 million PHAs using Play Protect, and just over 60% of them were found automatically using Play Protect's machine learning-based scanning, which gives Google a huge head start. After identifying that many PHAs were being installed and used before a phone could be reconnected to the internet for scanning, Google started having Play Protect run while offline to further boost its power — this led to another 10 million PHAs being removed just since October.
As we all (should) know, installing apps from outside of Google Play opens up your device to security risks — Google claims your phone is nine times more likely to install a PHA when going outside of the Play Store. But Play Protect still helps — installations of PHAs from outside of Google Play have dropped dramatically, about 60%, since Play Protect came to Android. Still, I will always advise to get your apps from Google Play whenever possible.
Play Protect casts a wide net and can work on any phone or tablet, but for bigger security issues Google is also fighting a tough battle with keeping devices up to date on its latest security patches. Google says that 30% more devices in 2017 received after-sale security patches than in 2016, which is a good thing to hear but time and time again we continue to see even high-end and popular devices fall behind.
Play Protect is the wide net that saves most of us from really bad apps.
Google is quick to point out that no major vulnerabilities affecting Android were released without Google also making security patches for them available to manufacturers — but that really only helps us if those manufacturers in turn release them to our devices. Nevertheless, Google will continue to work with industry partners, participate in security competitions and run its own Android Security Rewards program to find and fix as many vulnerabilities as possible.
If you want to get really deep into the data, you can read Google's full 2017 security report — the rest of us will simply go forward using our phones with the knowledge that Google's doing what it can to keep our devices safe.
Andrew was an Executive Editor, U.S. at Android Central between 2012 and 2020.
