Compared with its competitors, the more open Android has always had a lot of problems in terms of security. Since then, Google has been more vigilant about its security methods, releasing monthly security updates, and working more closely with OEMs to speed up their own update process.
In 2018, Google celebrated the 10th anniversary of Android, which now has more than 2 billion active users, so users around the world are more concerned about its privacy and security in the digital arena. Fortunately, Google knows this very well. Over the past five years, Android has been summing up its “Annual Review” report, detailing how it protects its users.
Tracking Android and its security is not an easy task, and one way Google can effectively track it is to detect potentially harmful applications (PHAs). Google Play Protect can detect threats from apps on the Play Store and from external sources. Since 2014, the trend to install PHA has remained below 1% on average. “In 2018 only 0.08% of devices that used Google Play exclusively for app downloads were affected by PHAs. In contrast, devices that installed apps from outside of Google Play were affected by PHAs eight times more often. Compared to the previous year, even those devices saw a 15% reduction in malware due to the vigilance of Google Play Protect.” However, for those who download applications from external sources, the infection rate is eight times higher, and the number is 0.68%.
Every year, the percentage of PHA-affected devices drops, but this is not only due to Play Protect, but also thanks to powerful APIs such as BiometricPrompt, Protected Confirmation, StrongBox, and various bug bounty programs. The Bug Bounty Program allows researchers from around the world to discover and submit vulnerabilities, while also getting a good return on their work. In addition to the API, the operating system uses encryption, hardware-backed security, proven boot, sandboxing, and a host of other features to ensure the security is as safe as possible.
There are of course some hard-to-reconcile issues, such as Google updating its operating system, but device manufacturers will be slow or sometimes not even releasing updates. To speed up the update process, Project Treble was introduced in its updated version of Android, which allows OEMs to release updates faster.
While Google does its best to protect its users, users should always be vigilant when browsing or installing applications online.