Google has released its fifth annual Android security report.
According to the findings, the installations of "potentially harmful apps" or PHA increased twofold, but overall, the Android ecosystem "became safer in 2018."
Play Store Installs
The download rate of PHAs doubled from 0.02 percent to 0.04 percent on the Play Store, but according to Google, it's simply because it included click-fraud apps or adware in the tally. Before this, it treated them only as a policy violation on the platform.
In other words, there isn't exactly an increase of malware on the Play Store, per se. In fact, the company says that PHA installs decreased by 31 percent year over year if click fraud was taken out of the equation.
Click fraud tops the list of PHA categories at 54.9 percent, while trojan comes in second at 16 percent. These click-fraud apps primarily targeted users in the United States, Brazil, and Mexico.
Non-Play Store Installs
Back in 2017, Google rolled out its Play Protect services to keep malware at bay. Thanks to this, 1.6 billion attempts of PHA installations of sideloaded or non-Play Store apps were prevented in 2018.
Going by the company's numbers, this translates to a 20 percent drop compared with the results from 2017. Put differently, Play Protect blocked 73 percent of PHA installation attempts from outside the Play Store.
General Tips To Stay Safe
Based on the report, one big risk factor is sideloading apps. As Google states, PHAs affected only 0.08 percent of devices that install apps exclusively through the Play Store. On the other hand, PHAs were eight times more likely to be downloaded in devices that use third-party markets or sideloaded software.
An outdated Android operating system also puts users at risk. As Google points out, the PHA installation rates for Android 8 Oreo and Android 9 Pie devices are 0.19 percent and 0.18 percent, respectively. In contrast, PHAs are more widespread in older versions of Android, with Android 5 Lollipop at 0.65 percent, Android 6 Marshmallow at 0.55 percent, and Android 7 Nougat at 0.29 percent.
To sum it up, solely using the Play Store for apps and using an up-to-date device are key in steering clear of PHAs.
This goes without saying, but the Mountain View company puts in a lot of effort in keeping Android devices safe from malicious software. However, despite that, some still manage to get past the Play Store's security measures, including one that focused on stealing cryptocurrency. Another incident worth mentioning is the spread of the adware dubbed "SimBad," which was found in more than 200 apps with 150 million downloads in total.
Google's full 31-page report is available online (PDF).