Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:00 PM
Sara Peters
Sara Peters
Quick Hits
Connect Directly

Google: Less Than 1% Of Androids Have Potentially Harmful App Installed

Google's Android security report shows that devices that only install apps from the Google Play store have fewer infections.

Although Android is mobile malware authors' favorite target, the rate of "potentially harmful" Android application installations was cut nearly in half from Q1 to Q4 2014, according to Google's Android security year in review report released today.  

The report includes information gathered from Google Play, the official Android app store; Verify Apps, which scans apps installed outside Google Play; SafetyNet, an app health check service for developers, and; Safe Browsing, which keeps an eye out for phishing sites and other malicious URLs. 

Google found that fewer than 1 percent of Android devices had a "potentially harmful app (PHA)" installed in 2014. That number decreased to fewer than 0.15 percent on devices that only install from Google Play.

"Exploitation attempts were tracked for multiple vulnerabilities, and the data does not show any evidence of widespread exploitation of Android devices."

One of the vulnerabilities tracked was "FakeID," a vulnerability in Android's verification of digital signatures, exposed by Jeff Forristal of Blue Box Security at the BlackHat conference in August. (Forristal discussed it on DarkReading Radio live from BlackHat then.) According to the Google report:

In 2014, we blocked one instance of an app uploaded to Google Play that exploited [the FakeID] vulnerability. Outside of Google Play, Verify Apps also warns users about applications that exercise this vulnerability. Verify Apps identified 258 unique applications that exercise this vulnerability, and they were installed less than once for every 1 million installs checked by Verify Apps...

Many of the FakeID installs have characteristics that associate them with security research, and we have not identified any attempted exploitation that we would consider “malicious.”

Read the full report here. 

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
4/6/2015 | 9:30:37 AM
Third-Party App Download VIgiliance
It's a good thing that the Play Store has few downloads that contain infected apps. However, it is not the "trusted" providers where you will see the most risk. As stated in the article Google performs scans on the apps in the store to cut down on infection rates. In my eyes, that is Google taking a share of the responsibility to ensure the integrity of its brand name. But the open source ability of android allows for apps to be downloaded outside the store. It is here that I would posit the rates of infection to be much higher.

The lesson here is to be vigilant and verify the integrity of the developers before downloading anything from an unverified source.
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-11-18
A Security Bypass Vulnerability exists in TBOOT before 1.8.2 in the boot loader module when measuring commandline parameters.
PUBLISHED: 2019-11-18
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
PUBLISHED: 2019-11-18
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.
PUBLISHED: 2019-11-18
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve which m...
PUBLISHED: 2019-11-18
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.