The threat of malware, and the fear and anxiety caused by it, has been a real issue even before smartphones became in vogue. And Android, being popular and, for the most part, open, has become a large target not only of such malicious actions but also of media focus. Now Google is breaking its silence and is claiming, at least based on data it has collected, that the media hype about Android malware may actually be a bit unwarranted.

Speaking at the Virus Bulletin conference in Berlin, Google Android Security chief Adrian Ludwig revealed some figures that may make some raise their eyebrows and others calm down. According to Ludwig the amount of malware that actively attempt to evade runtime security checks in order to harm users is really just 0.001% of installed apps. And these are just apps that even try. The number of apps that are actually able to cause harm are even smaller.

While the figures might be shocking, or even dubious, to some, Ludwig attributes it Android’s multi-layered defense systems that tries to block out malicious apps, or at least warn users about the risks in order to help them make an informed decision. Factors such as being distributed on Google Play, which has its own automated and user-driven security review system, or warnings when installing from unknown sources help to lessen the amount of malware that ends up getting installed. At the heart of this layered defenses is the slightly recent Verify Apps feature, which compares a downloaded app against a malware database curated by Google. And again, every step of the way, users are warned of the danger but are still given the option to take an informed risk.


There is, however, one caveat to all these. Google’s estimate is derived from data gathered from Android devices that have Google Play Store installed, which also brings in the Verify Apps feature. It doesn’t taken into account data coming from smartphones, and especially tablets, that have neither, like Amazon Kindle tablets or tablets that have not been approved to run Google Play services.

SOURCE: Quartz
VIA: Android Police