Android Security 2017 Year in Review

Google published its Android’s security annual year review on May 15th. You can look through the comprehensive, 56-page report yourself, but I’ve got some of the highlights for you.

Google Play Protect

In May 2017, Google announced Google Play Protect, a new home for the suite of Android security services on nearly two billion devices.

Google Play Protect scanning apps on every Android phone that has Google Play. It scans at least once a day, which comes out to roughly 50 billion apps, and identifies what Google calls “Potentially Harmful Apps” (aka PHAs) in the process.

Play Protect uses a variety of different tactics to keep users and their data safe, but the impact of machine learning is already quite significant: 60.3% of all Potentially Harmful Apps were detected via machine learning, and they planning increase in the future.

In October 2017, Google enabled offline scanning in Play Protect, and have since prevented 10 million more PHA installs.

Preventing PHA downloads

Devices that downloaded apps exclusively from Google Play were nine times less likely to get a PHA than devices that downloaded apps from other sources. And these security protections continue to improve, partially because of Play Protect’s increased visibility into newly submitted apps to Play. It reviewed 65% more Play apps compared to 2016.
Play Protect also doesn’t just secure Google Play—it helps protect the broader Android ecosystem as well. Thanks in large part to Play Protect, the installation rates of PHAs from outside of Google Play dropped by more than 60%.

On-device protections

Google Play Protect’s on-device capabilities with a brief description of how they help keep devices and data safe. Most of these services integrate with a cloud-based component that allows Google to push updates.

The following sections explain how these on-device protections work and details new features and improvements made in 2017.

PHA scanningCollection of mobile threat protections and removal
options for downloaded PHAs including:
— Automatic daily PHA scanning
— User-initiated, on-demand scanning
— Scanning for threats even when device is offline
— Automatically disabling or removing PHA threats
— Uploading new apps to the cloud for scanning
Find My DeviceProtection for lost or stolen devices (Formerly Android
Device Manager)
Safe BrowsingProtection from deceptive websites
Developer APIsAPIs that allow third-party apps to use Google’s
security services

Developer APIs

Since 2013, Android devices have included SafetyNet, which allows devices to contribute security-related information to Google’s cloud-based services. This can include information about security events, logs, configurations, and other security-relevant details. In 2017, SafetyNet added new APIs to allow developers to raise the security bar for their apps. The SafetyNet attestation API helps an app evaluate whether it is talking to a genuine Android device.

New security features in Android Oreo

Google introduced a slew of new security features in Android Oreo: making it safer to get apps, dropping insecure network protocols, providing more user control over identifiers, hardening the kernel, and more.


If you want to get really deep into the data, you can read Google’s full 2017 security report

According to the report, Google’s team believes that it’s more effective at security than a similarly sized closed-source project.

No Fields Found.
About Prasad Paul 55 Articles
Prasad Paul is a Technical Writer, Security Blogger, Network Engineer and IT Analyst. He is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.