In a new report looking back over 2018, a year in which Google celebrated the 10th anniversary of the launch of the first commercial Android device, the search giant gives itself a pat on the back for what appears to be an impressive milestone. The company’s newly released year in review of its Android security efforts declares that the company’s increasing crackdown on what it calls “potentially harmful apps,” or PHAs, is continuing to pay off. How much? Less than half of 1% of all app downloads from the Google Play Store in 2018 were given that PHA classification.
Of course, as with any such analysis, some context and caveats are in order.
For starters, that 0.04% of PHAs in 2018? It was up from 0.02% in 2017, an increase that was due to the inclusion of “click fraud” as a PHA category in 2018. Before, click fraud was only considered a Google Play policy violation. Back out the instances of click fraud from the stats, though, and Google says the number of PHAs actually plunged 31% from 2017 to 2018.
Another point to consider is that while 0.04% sounds like a pretty small percentage, if you take Sensor Tower’s estimate of Android app downloads for 2018 (almost 76 billion) that percentage still works out to almost 31 million PHAs.
Among those apps, click fraud apps accounted for almost 55% of total installs in 2018. Such apps often have “desirable features” like music or gaming, Google’s report explains, while the app is meanwhile executing click fraud in the background. “Many of the major apps that we removed from Google Play in 2018 because of embedded click fraud code were flashlight, music player, or game apps,” the report continues. “Click fraud developers build their code into apps that users tend to use daily and keep installed on their devices.”
Among other highlights from Google’s Android security year-in-review, the company says that by the fourth quarter of 2018, security updates were received by 84% more devices than in the same quarter one year earlier. Also, the Android security rewards program surpassed $3 million in total payouts, the program being a way for Google to work with top researchers from around the world to improve the security of the Android ecosystem.
All of these efforts continued with the release of Android 9, which the report goes on to note added a myriad of new security features to keep devices and users secure. Others insights in this report include the fact that the Google Play Protect mobile threat detection service scans more than 50 billion apps every day across more than 2 billion devices.