Google cites progress in Android security, but patching issues linger
The chances of encountering malware on your Android phone is incredibly small, according to Google.
By the end of last year, less than 0.71 percent of Android devices had installed a “potentially harmful application,” such as spyware, a Trojan, or other malicious software.
That figure was even lower, at 0.05 percent, for Android phones that downloaded apps exclusively from the Google Play store.
The internet giant revealed the figures in a new report detailing its efforts to making the Android OS secure. Thanks to better app review systems, the company is detecting and cracking down on more malware.
However, Google still hasn’t fixed one nagging complaint about Android: the lack of periodic security updates.
By the end of 2016, about half of Android devices—735 million—had received a security patch issued during the year, according to the report. That means another half hasn’t, leaving the vulnerabilities in those phones unfixed.
How recent was that patch? It’s not clear in the report, but any phone not running the latest Android software can face some security risks.
A big reason for the inconsistent patching is because the Android OS is used by hundreds of device manufacturers and across thousands of phone models. So it’s up to vendors and the mobile phone providers to push out new security patches, but not all of them do. That can be especially problematic when a major flaw in Android is found and needs to be fixed.
Google is aware of the problem. It’s been pushing the whole Android handset industry to deliver updates in a timely manner, and those efforts appear to be paying off.
“In Europe, over 73 percent of active flagship Android devices on the major mobile network operators reported a security patch level from the last three months,” the report said.
In the U.S. that figure was 78 percent and included phones such as the Samsung Galaxy S7, LG G5, and the Moto X Play.
“There’s still a lot of room for improvement,” Google’s Android security team said in blog post about the report.
Google’s process on the patching front hasn’t been perfect, said Andrew Blaich, a security researcher at mobile antivirus provider Lookout. But overall, the company is moving Android OS security in the right direction.
“Many of the newest enhancements, especially in [version] 7.X that buyers of the newest Android phones will start with, are much better than they were in the prior versions,” he said in an email.
Consumers using older Android phones won’t be able to reap all these security benefits. But Google is also cracking down on many malicious apps, and reacting quickly to stop them, Blaich said.