Connect with us

Hi, what are you looking for?


Mobile & Wireless

Google Runs Over 400 Million Android Security Scans Daily

Google has been working on improving the overall security of its Android platform, and the Internet giant is not being shy about some of the success it has had in advancing the security of its mobile ecosystem.

Google has been working on improving the overall security of its Android platform, and the Internet giant is not being shy about some of the success it has had in advancing the security of its mobile ecosystem.

In its latest Android Security Year In Review report (PDF), Google presented some of the main changes brought to the mobile operating system, starting with the mandatory full disk encryption for all new Marshmallow devices, and going all the way to the much lower number of malware infections occuring through Google Play.

Released in fall 2015, Android 6.0 Marshmallow requires that manufacturers enable full disk encryption on new devices out-of-the-box, provided, of course, that these devices have adequate hardware capabilities. This means that user’s data is safe even if the device is lost or stolen, as third-parties cannot access it without the encryption key.

To further enhance the security of Android devices, the tech company has implemented a verified boot, meant to ensure that the phone is healthy from the bootloader to the operating system and also added support for fingerprint scanners and SELinux enhancements. Moreover, it updated app permissions, so that users can better manage the data shared with specific apps, and launched an Android Security rewards program.

Starting last August, Google began pushing monthly security updates to Nexus devices, in a sustained effort to resolve as many vulnerabilities in the mobile platform as possible. It all started after Zimperium revealed that Stagefright, a security flaw in Android’s mediaserver, affected nearly 1 billion devices. Eight months later, Google is still patching flaws in this platform component.

Additionally, Google boosted its protection mechanism against Potentially Harmful Apps (PHAs) and is now checking over 6 billion installed applications per day. Even so, malicious programs still managed to slip into the Google Play store, some of them masqueraded as harmless games.

Even so, the Internet giant says that the probability of a user installing a PHA from Google Play has decreased by 40 percent in 2015, compared to the previous year. The installation of apps engaged in data collection decreased over 40 percent to 0.08% of installs, spyware decreased 60 percent to 0.02% of installs, and hostile downloaders went down 50 percent to 0.01% of installs.

Advertisement. Scroll to continue reading.

“Each APK is analyzed multiple times. This analysis requires tens of thousands of CPU cores, many terabytes of RAM, and many petabytes of storage,” the report said. “Because this analysis has been ongoing for several years, our visibility into the application ecosystem is larger than the current install base of applications.”

“Overall, PHAs were installed on fewer than 0.15% of devices that only get apps from Google Play. About 0.5% of devices that install apps from both Play and other sources had a PHA installed during 2015, similar to the data in last year’s report,” Adrian Ludwig, Lead Engineer, Android Security, explains in a blog post.

The company’s Verify Apps service also keeps users safe from apps installed from sources other than Google Play, with the effectiveness of the PHA warnings provided by it up by over 50 percent. Google also says that, throughout 2015, the company protected users from network-based and on-device threats by scanning 400 million devices per day, and that it added Safe Browsing to Chrome for Android.

Moving forward, the company says it will focus on working together with Android manufacturers to turn the update lifecycle for Nexus devices into a model for other devices as well. Some manufacturers have already started providing monthly security updates for their users, but many Android devices are still not receiving such patches, leaving millions of users vulnerable.

Also today, Google published the results of a study carried out in partnership with the University of California, Berkeley, revealing that it detected nearly 800,000 compromised websites over the last year. The company also said that 16,500 new sites were getting hacked every week and that users received warnings when trying to access such a site.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.