Google has been working on improving the overall security of its Android platform, and the Internet giant is not being shy about some of the success it has had in advancing the security of its mobile ecosystem.
In its latest Android Security Year In Review report (PDF), Google presented some of the main changes brought to the mobile operating system, starting with the mandatory full disk encryption for all new Marshmallow devices, and going all the way to the much lower number of malware infections occuring through Google Play.
Released in fall 2015, Android 6.0 Marshmallow requires that manufacturers enable full disk encryption on new devices out-of-the-box, provided, of course, that these devices have adequate hardware capabilities. This means that user’s data is safe even if the device is lost or stolen, as third-parties cannot access it without the encryption key.
To further enhance the security of Android devices, the tech company has implemented a verified boot, meant to ensure that the phone is healthy from the bootloader to the operating system and also added support for fingerprint scanners and SELinux enhancements. Moreover, it updated app permissions, so that users can better manage the data shared with specific apps, and launched an Android Security rewards program.
Starting last August, Google began pushing monthly security updates to Nexus devices, in a sustained effort to resolve as many vulnerabilities in the mobile platform as possible. It all started after Zimperium revealed that Stagefright, a security flaw in Android’s mediaserver, affected nearly 1 billion devices. Eight months later, Google is still patching flaws in this platform component.
Additionally, Google boosted its protection mechanism against Potentially Harmful Apps (PHAs) and is now checking over 6 billion installed applications per day. Even so, malicious programs still managed to slip into the Google Play store, some of them masqueraded as harmless games.
Even so, the Internet giant says that the probability of a user installing a PHA from Google Play has decreased by 40 percent in 2015, compared to the previous year. The installation of apps engaged in data collection decreased over 40 percent to 0.08% of installs, spyware decreased 60 percent to 0.02% of installs, and hostile downloaders went down 50 percent to 0.01% of installs.
“Each APK is analyzed multiple times. This analysis requires tens of thousands of CPU cores, many terabytes of RAM, and many petabytes of storage,” the report said. “Because this analysis has been ongoing for several years, our visibility into the application ecosystem is larger than the current install base of applications.”
“Overall, PHAs were installed on fewer than 0.15% of devices that only get apps from Google Play. About 0.5% of devices that install apps from both Play and other sources had a PHA installed during 2015, similar to the data in last year’s report,” Adrian Ludwig, Lead Engineer, Android Security, explains in a blog post.
The company’s Verify Apps service also keeps users safe from apps installed from sources other than Google Play, with the effectiveness of the PHA warnings provided by it up by over 50 percent. Google also says that, throughout 2015, the company protected users from network-based and on-device threats by scanning 400 million devices per day, and that it added Safe Browsing to Chrome for Android.
Moving forward, the company says it will focus on working together with Android manufacturers to turn the update lifecycle for Nexus devices into a model for other devices as well. Some manufacturers have already started providing monthly security updates for their users, but many Android devices are still not receiving such patches, leaving millions of users vulnerable.
Also today, Google published the results of a study carried out in partnership with the University of California, Berkeley, revealing that it detected nearly 800,000 compromised websites over the last year. The company also said that 16,500 new sites were getting hacked every week and that users received warnings when trying to access such a site.