Google: defending against Android malware

Google waxes optimistic on its Android Developers Blog: How we fought bad apps and malicious developers in 2017. Andrew Ahn says:

We’ve also developed new detection models and techniques that can identify repeat offenders and abusive developer networks at scale. This resulted in taking down of 100,000 bad developers in 2017, and made it more difficult for bad actors to create new accounts and attempt to publish yet another set of bad apps.

For The Parallax, Seth Rosenblatt quotes Andrew Ahn as saying that:

…of all the malicious apps submitted to Google Play, only 1 percent of them make it past Google’s filters to consumers…

To put those figures into some sort of perspective, statista.com states that as of December 2017, 3.5 million apps were available from the Google Play store, though it’s not clear what percentage of apps submitted at any given time are malicious. However, it’s reassuring that Rosenblatt is also able to quote a spokesman as saying that:

…the company detects “most” malware successfully uploaded to Google Play “within a day.”

Graham Cluley, for ESET, notes that Google smashed over 700,000 bad Android apps last year but advises caution:

Despite the reports from Google’s Android security team of impressive improvements, the truth is that bad apps have often been found on the Google Play store, and barely a week goes by without reports of malicious Android apps being discovered and sometimes downloaded thousands of times.

I won’t dispute Ahn’s claim that “You have a lower probability of being infected by malware from Play than being hit by lightning” – I don’t have exact figures either way. But it’s clear that Google Play is probably significantly safer than alternative Android app stores.

David Harley



This is a Security Bloggers Network syndicated blog post authored by David Harley. Read the original post at: Mac Virus