Will Verduzco · Oct 4, 2013 at 11:30 pm

Just How Safe is “Safe” in Android?

We’ve all heard about the Android malware problem. After all, proponents of other mobile operating systems love to spread FUD stating that Android’s malware situation is out of control. Further, there are various entities such as antivirus firms with vested interests in demonstrating that there is indeed an issue.

Who’s to blame the companies using these unscrupulous tactics? After all, it’s simply good business to undermine your mobile OS competitors or create demand for your product in the case of security solution providers. And up until very recently, Google unfortunately lacked a reliable way of determining and tracking the scope of the problem. That changed recently, however, when Google introduced its current multiple layers of defense, which is seen in the infographic to your right.

According to a presentation by Android Security Chief Adrian Ludwig, it is estimated that less than 0.001% of application installs are able to evade the platform’s multi-layered defense system—a system which includes sandboxed permissions, application verification, trusted sources, and runtime defenses. This figure includes both applications installed through Google Play, as well as the 1.5 billion applications installed through other means (side-loaded or alternate app stores).

So what does the data show? When installing from non-Google sources, under 0.5% of applications are flagged by the application verification system. Of these, under 0.13% of these applications end up being installed by the user, and under 0.001% of these attempt to evade Android’s runtime defenses. The actual number that is able to cause harm and evade these defense mechanisms is unclear, but if the data is to be believed, it would reason that this number is smaller than 0.001% of applications that users attempt to install.

The next major question becomes which apps are most frequently flagged by the application verification system. Research presented by Ludwig demonstrated that nearly 40% of these applications are “fraudware” apps that make premium phone calls and text messages. Another 40% are rooting apps, which are “potentially harmful,” but not malicious per se. Then, 15% of the apps are commercial spyware, which track things such as Internet behavior or collect other personal information. The remainder is a diverse group of truly malicious apps.

In the grand scheme of things, 0.001% is a very small number. That’s 1 in 100,000, which anyone would be hard pressed to label as significant. It’s not 0, but it’s unrealistic to expect it to be 0. That said, it’s close enough so that the vast majority of users should be relatively safe by employing good security practices and installing only applications from trusted sources and reading permissions.

It is important to keep in mind, however, that just like the security providers and proponents of other mobile operating systems that can profit from Android security FUD, Google also has a dog in the fight. No group is truly impartial here. And unfortunately, it is up to the user to decide with his or her own personal data who is to be believed. That said, I know my mobile operating system of choice, despite the FUD. But since I care about my data (and that of my friends and family), I won’t be turning off Verify Apps or installing from untrusted sources any time soon.

Have you or any of your friends ever fallen victim to malware on Android? Let us know your thoughts on the Android malware situation in the comment box below. You can learn more by viewing the full presentation.

Source: Quartz

[via Google+]


_________
Want something on the XDA Portal? Send us a tip!

Will Verduzco

willverduzco is an editor on XDA-Developers, the largest community for Android users. Will Verduzco is the Portal Administrator for the XDA-Developers Portal. He has been addicted to mobile technology since the HTC Wizard. But starting with the Nexus One, his gadget love affair shifted to Google's little green robot. He is also a Johns Hopkins University graduate in neuroscience and is now currently studying to become a physician.
Mathew Brack · Mar 26, 2015 at 10:09 pm · 3 comments

LG G4 Note Leaks

T-Mobile employee and XDA user s3rv1cet3ch has leaked images that he claims are of the upcoming LG G4 Note, LG's answer to the Samsung Note series and 'big brother' to the G4.  LG CEO Cho has been quoted as saying at a press meeting that the company would unveil the next flagship smartphone, G4, in the second quarter, and another high-end product in the second half. With the second quarter now just days away we could finally have a few hints of...

XDA NEWS
Mathew Brack · Mar 26, 2015 at 06:07 pm · 3 comments

HTC M9 Roundup: Availability and Prices

The HTC One M9, Available in both 'Gold on Silver' and 'Metal Gray' colors will be available for sale in stores across the US on April 10th, however most carriers are starting preorders tomorrow on March 27th. No matter which network you order yours from you will be covered by HTC's new Uh-Oh service. Throughout the day today we have seen just as many announcements from carriers regarding pre-order information and prices for Samsung's new flagships the Galaxy S6 and S6 Edge. If...

XDA NEWS
Mario Tomás Serrafero · Mar 26, 2015 at 05:15 pm · 1 comment

OnePlus Late March AMAA Roundup

OnePlus is one of those companies that appear one day and next thing you know, they are all over the internet. Their original OnePlus One phone was a major success in the mobile space due to its low price yet remarkable specifications - the ultimate goal of the company and their “Never Settle” slogan. We love talking about “the little OEM that could”, not necessarily because they are good or bad, but because their business and marketing strategies are very...

XDA NEWS
Share This