For years, one of the primary criticisms of Android has been the perceived vulnerability to malware. Due to the open source nature of the platform, along with reports of dangerous malware, there’s long been the perception that Android devices aren’t as safe as others, particularly products from Apple.
According to the 2016 Android Security Report, though, thanks to several important advances and changes to how Android handles security, the need to be concerned about security is diminishing. The report, issued in mid-April, details some of the steps that Google is taking to better protect devices and users from devastating malware and other security concerns. The detailed 48-page report can be found here, but here are some of the key takeaways for consumers.
Improved Updates and Patches
In 2015, Android released the latest version of its operating system, Android 6.0, also known as Marshmallow. While only a small percentage of new devices are currently running this version, Google is encouraging more manufacturers to embrace Marshmallow due to enhanced security features including full disk encryption, the ability to ensure that a device has the most up-to-date security patches, the ability to better personalize application permissions, and a new verified boot feature, which checks to make sure that your phone is healthy from the boot process all the way through the operating system.
However, because not all devices are using Marshmallow yet, Google has improved some security features for older operating systems as well. They are working closely with device manufacturers to encourage them to roll out new security features to users on a more regular basis, so that patches are delivered on an ongoing basis rather than waiting for a new version of the operating system.
Device Scanning
Another major announcement in the report was the increased success of Android Platform Security and Google Security Services. According to Google, these security services successfully scans more than 6 billion installed apps and 400 million devices for potentially harmful malware. When Google identifies a potentially harmful application (PHA), the user is prompted to take action. Anonymized data regarding the PHA is also sent to Google, to be used in developing stronger protections for future applications.
Malware Management
The Android Security Report also revealed that the number of harmful apps has decreased considerably over the last few years, with the number of devices infected by malware found in apps from the Google Play store accounting for only a small percent of overall infections.
Still, because a significant number of devices were infected by malware from other sources, Google still cautions users to be careful when installing apps from non-approved sources. Installing mobile security protection for Android is still important, as it will identify harmful apps and help you remove or block them.
Some programs also offer additional security features that aren’t widely available on Android devices yet, including lost or stolen phone location an identity theft protection.
Google has also been cleaning up its app store and becoming more selective in the apps that are available for download in the store. According to the report, apps from the Google Play store have had significant reductions in the number of apps that include data collection, spyware, and hostile downloads – they can now be found in fewer than 1 percent of apps. However, many experts point out that as long as Android devices can access applications from third party app stores, there is the potential for harmful malware, thus necessitating the need for third party device security and vigilance.
One of the more interesting changes that Android made in 2015 was based on user behavior. In the past, when a potentially harmful application was identified, the warning screen automatically offered the option to ignore the warning and install anyway. The new warning screen informs the user that the installation has been blocked (rather than simply saying “Do not install”) and hides the option to override the block. By clicking on the “more information” link, that option appears, but by simply changing the language and removing that option, the number of harmful application installs has decreased.
Android has made great strides in the security of its devices over recent years. However, the very nature of the operating system means that it may never be impervious to harmful apps and other attacks. With the right security tools in place though, and the ever increasing controls on what is installed and how, individuals and businesses alike can feel more confident that their important data will not fall into the wrong hands.
