Figures produced by Google in their first Android Ecosystem Security Transparency Report revealed that the prevalence of Potentially Harmful Applications (PHAs) found on their Android 9 Pie devices is half the rate seen in its predecessors.
The figures are taken from malware detected by Google Play Protect scans, which cover apps distributed through Google Play Store, apps from other app stores and sideloaded apps. Last year, on average, Google found that only 0.09% of devices that used Play Store had malware. This equated to 1.8 million phones.
Play Protect was pushed by Google as a major selling point for its Android One programme, which, they say, brings order and uniformity to their low-end and mid-range Androids. This also meant that phone makers lost the ability to customise their phones, while buyers got two years of scanning.
Google works hard to protect your Android device, no matter where your apps come from. Continuing the trend from previous years, Android devices that only download apps from Google Play are 9 times less likely to get a PHA than devices that download apps from other sources.
Before applications become available in Google Play, they undergo an application review to confirm they comply with Google Play policies. Google uses a risk scorer to analyse apps to detect potentially harmful behaviour. When Google’s application risk analyser discovers something suspicious, it flags the app and refers the PHA to a security analyst for manual review if needed.
We also scan apps that users download to their device from outside of Google Play. If we find a suspicious app, we also protect users from that, even if it didn't come from Google Play. - Google: Google blog
Google introduced Play Protect last year, and now disables PHAs by default without recourse to the user. It has increased its user visibility and introduced some new features. For instance, users can now opt in and send their own apps to Play Protect for review by enabling ‘Improve harmful app detection’ on their device.
Google said it had published the report to increase transparency, but many have noted that Google had been under pressure to be seen to be responding to regulatory scrutiny of Android, and in particular of its justification for charging 30% for app developers’ appearance on Play Store.