Google releases the first Android Ecosystem Security Transparency Report

Publish date: 2022-02-26

TL;DR

At Google I/O 2018, Google announced it would release something called an Android Ecosystem Security Transparency Report by the end of the year, and today it did just that. The report will come once every quarter and is meant to supplement the annual Android Security Year in Review report.

The Android Ecosystem Security Transparency Report is the latest addition to Google’s general transparency reporting site, which began in 2010 to show how the policies and actions of governments and corporations affect privacy, security, and access to information online.

You can watch Dave Kleidermacher, VP of Android Security and Privacy at Google, reveal the Android Ecosystem Security Transparency Report in the YouTube video below:

The primary focus of this new report is to chronicle how often a routine, full-device scan by Google Play Protect detects a device with potentially-harmful applications (PHAs) installed. Google Play Protect runs on all certified Android devices and scans all applications regardless of whether the user downloaded them from the Google Play Store or not.

Here's a list of Android devices with security updates from the last 90 days (Ouch HTC)

News

You can read the complete report — and Google’s blog entry about its release — on the Google Security Blog. However, the basic gist of the report is pretty simple: Android is more secure than it’s ever been for those of us who exclusively use the Google Play Store to download applications. For those of us who download apps from outside the Play Store, things aren’t as secure.

Dave Kleidermacher had this to say about the findings of the report:

Potentially harmful application rates continue to fall with every new operating system release. We attribute this to many factors, such as continued platform and API hardening, ongoing security updates, app security, and developer policies to reduce apps’ access to sensitive data. Devices that exclusively download applications through Google Play remain 9 times less likely to contain potentially harmful applications than those that download apps from outside of Google Play. Only .08 percent of devices solely using Google Play contain a potentially malicious application.

Although Google is clearly trying to emphasize the security benefits of exclusively using the Play Store for your app needs, the security of devices that installed apps from outside of Google Play also improved. In 2017, about 0.82 percent of devices that installed apps from outside of Google Play were affected by PHAs; in the first three quarters of 2018, about 0.76 percent were affected (ED: Google retracted this information after this article was published. The correct percentage is actually 0.68 percent. Google blamed the error on a bug in its system.). That’s not a humongous drop, but still a drop.

The report also concludes that the more recent your version of Android is, the less likely you are to download PHAs.

Click the button below to check out the full report:

Comments

ncG1vNJzZmivp6x7orrDq6ainJGqwam70aKrsmaTpLpwrc2dqaihlGKypLvSsqqtnZ1iwKav1KugrbFdqb%2BiutKpmKudnpjGbr7EqaarrF1nfXKEjHJpbGlkbXw%3D