Will Verduzco · Oct 4, 2013 at 11:30 pm

Just How Safe is “Safe” in Android?

We’ve all heard about the Android malware problem. After all, proponents of other mobile operating systems love to spread FUD stating that Android’s malware situation is out of control. Further, there are various entities such as antivirus firms with vested interests in demonstrating that there is indeed an issue.

Who’s to blame the companies using these unscrupulous tactics? After all, it’s simply good business to undermine your mobile OS competitors or create demand for your product in the case of security solution providers. And up until very recently, Google unfortunately lacked a reliable way of determining and tracking the scope of the problem. That changed recently, however, when Google introduced its current multiple layers of defense, which is seen in the infographic to your right.

According to a presentation by Android Security Chief Adrian Ludwig, it is estimated that less than 0.001% of application installs are able to evade the platform’s multi-layered defense system—a system which includes sandboxed permissions, application verification, trusted sources, and runtime defenses. This figure includes both applications installed through Google Play, as well as the 1.5 billion applications installed through other means (side-loaded or alternate app stores).

So what does the data show? When installing from non-Google sources, under 0.5% of applications are flagged by the application verification system. Of these, under 0.13% of these applications end up being installed by the user, and under 0.001% of these attempt to evade Android’s runtime defenses. The actual number that is able to cause harm and evade these defense mechanisms is unclear, but if the data is to be believed, it would reason that this number is smaller than 0.001% of applications that users attempt to install.

The next major question becomes which apps are most frequently flagged by the application verification system. Research presented by Ludwig demonstrated that nearly 40% of these applications are “fraudware” apps that make premium phone calls and text messages. Another 40% are rooting apps, which are “potentially harmful,” but not malicious per se. Then, 15% of the apps are commercial spyware, which track things such as Internet behavior or collect other personal information. The remainder is a diverse group of truly malicious apps.

In the grand scheme of things, 0.001% is a very small number. That’s 1 in 100,000, which anyone would be hard pressed to label as significant. It’s not 0, but it’s unrealistic to expect it to be 0. That said, it’s close enough so that the vast majority of users should be relatively safe by employing good security practices and installing only applications from trusted sources and reading permissions.

It is important to keep in mind, however, that just like the security providers and proponents of other mobile operating systems that can profit from Android security FUD, Google also has a dog in the fight. No group is truly impartial here. And unfortunately, it is up to the user to decide with his or her own personal data who is to be believed. That said, I know my mobile operating system of choice, despite the FUD. But since I care about my data (and that of my friends and family), I won’t be turning off Verify Apps or installing from untrusted sources any time soon.

Have you or any of your friends ever fallen victim to malware on Android? Let us know your thoughts on the Android malware situation in the comment box below. You can learn more by viewing the full presentation.

Source: Quartz

[via Google+]


_________
Want something on the XDA Portal? Send us a tip!

Will Verduzco

willverduzco is an editor on XDA-Developers, the largest community for Android users. View posts and articles below.

Will Verduzco is the Portal Administrator for the XDA-Developers Portal. He has been addicted to mobile technology since the HTC Wizard. But starting with the Nexus One, his gadget love affair shifted to Google's little green robot. He is also a Johns Hopkins University graduate in neuroscience and is now currently studying to become a physician.
Mathew Brack · Mar 6, 2015 at 01:24 pm · 1 comment

Kirin: A Processor the Western World Should Look Out For

Yesterday, we discussed the second part of our tech giants coming to the west series with Huawei. What people may not know, however, is that Huawei owns a company by the name of HiSilicon. Hisilicon's processor department may not be the most popular in the west but their technology is impressive, with year on year improvements being easily seen. In the coming years, manufacturers such as Qualcomm may have to face the fact that there are other companies just as able...

XDA NEWS
Emil Kako · Mar 6, 2015 at 12:00 pm · no comments

Best Bang-for-the-Buck Phone You Can Get Today?

There are many great Android handsets on the market today that are much cheaper than the flagships from the major players like Samsung and HTC. The OnePlus One and Nexus 5 are two great examples of high-end phones being offered at prices much cheaper than competitors. But there are phones in the mid-range that may offer even more bang for your buck. Let us know which smartphone deal you think has the best value.

DISCUSS
Mathew Brack · Mar 6, 2015 at 11:27 am · 2 comments

TapDeck Beta: Smart Wallpaper Discovery

TapDeck which has just entered beta, is a smart wallpaper app that allows you to change to a random wallpaper by simply double tapping your screen. After selecting images you like from a selection, your wallpapers will be chosen based on similar images from Flickr, Imgur, Reddit and Wikipedia. If you see one you like, simply swipe up and you will see information relevant to the image. After spending a day with this app it is clear that it is still...

XDA NEWS
Share This