Google: Play Protect Cut Harmful Android App Installs by 20% in 2018

Speaking of the state of Android apps' security, Google today published its annual Android Security & Privacy Year in Review, a comprehensive report that details the company's ongoing efforts to keep over two billion devices running Android mobile operating system secure. From a report: Google says that Google Play Protect, Android's AI-driven built-in defense mechanism, substantially cut down on the number of Potentially Harmful Applications (PHAs) in Google Play. Last year, only 0.08 percent of devices that used Google Play exclusively for app downloads were affected by PHAs, and even devices that installed apps from outside of Play -- 0.68 percent of which were affected by one or more PHAs, down from 0.80 percent in 2017 -- saw a 15 percent reduction in malware. In fact, Play Protect prevented 1.6 billion PHA installation attempts from outside of Google Play in 2018, Google says [PDF]. Installation attempts outside of Google Play fell by 20 percent from the previous year, and 73 percent of PHA installations were successfully stopped compared to 71 percent in 2017 and 59 percent in 2016. In all, 0.45 percent of Android devices running Play Protect installed PHAs in 2018 compared with 0.56 percent of devices in 2017, equating to a 20 percent year-over-year improvement.

Who wrote this crap?

Headline: Noun verb verb verb adj noun noun noun. Dude... that's not how sentences work.

If you're gonna string random nonsense words together, at least put proper names in quotes so we have some clue wtf you're trying to say.

I'd say shoot the editor, but slashdot doesn't have those anymore.

Re:Who wrote this crap?

The fuck? How the hell did I get first post? (not this one... the parent).

20 years and I never came close. Now I only wander by once in a blue moon. Didn't even think it possible anymore.

Go figure.

Re: Who wrote this crap?

It wasn't play protect. It was their horrible website that was down all the time, thus reducIng all apps, including malware.

Re:Who wrote this crap?

[Nidi62]

Headline: Noun verb verb verb adj noun noun noun. Dude... that's not how sentences work.

Buffalo buffalo buffalo Buffalo

Re:Who wrote this crap?

Tatanka. Buff Buff Buff-lo. Tatanka.

Walled garden works

How about that for a title

We caught 20% more bad malware!

[the_skywise]

Except for... well, y'know those mentioned 5 posts back
https://tech.slashdot.org/stor...

Re:We caught 20% more bad malware!

[swillden]

Except for... well, y'know those mentioned 5 posts back https://tech.slashdot.org/stor...

The Google Play Protect team knows that at any given time, their PHA stats are wrong -- are too low -- because they can only count PHA installs that they know about. In fact, the known PHA install rate on any given day, say, March 29th, is zero, because Play doesn't allow installation of known PHAs, but it will rise over time as PHAs are discovered.

This is part of the reason that the stats for a given year are only released at the end of the first quarter of the next year, to give time for PHA discovery to correct the stats upward. Even so, there are likely some that were installed in 2018 that haven't been discovered yet, so today's 2018 stats are a bit too low... but this is the case every year.

However, the team and their systems get better every year, so the upward-revision-over-time actually decreases, and it's likely that in addition to being lower than previous years, the 2018 numbers are a better estimate of reality; closer to correct. It's likely that the year-over-year decrease actually underestimates the amount of improvement.

Keeping malware out of the Play Store is actually an insanely hard problem, because it inherently conflicts with keeping the Play Store open. Google could lower the numbers quite a bit more by taking Apple's walled-garden approach, with developer account fees and pre-approval inspection processes (even that is not perfect -- the Apple App Store has not been malware-free). Note that it's also not a "static" problem; it's an arms race. Malware authors continue inventing new techniques, but the Play Protect team is improving their detection techniques faster.

How many did f-droid protect against?

Because that is all I used for app installs now, unless I am sideloading a gplay only apk for something that isn't available otherwise.

Seriously fuck going and the app store walled garden.

Re: How many did f-droid protect against?

[c6gunner]

It's only a matter if time until "play protect" flags F-Droid as a harmful app. They're already flagging Aptoide.

Re: How many did f-droid protect against?

[Cmdln+Daco]

They can flag it all they want. I deleted my google account on my phone. So I am wandering around blind and helpless. No, actually my phone still works great and I get updates from aptoide.

Android Play is a Minefield

[BrendaEM]

Until Google does something about unwarranted permissions, their microcosm puddle is polluted.

Re: Android Play is a Minefield

My droid wasn't worth a penny.

This is not good

[squiggleslash]

If Google's solution still leaves 80% of the malware out there, it's not really successful in any practical way. It kinda reminds me of APK posting a testimonial a while back:

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

(Source, my bolding)

Yeah, "Kings Joker" was getting 1 or 2 viruses a month after installing APK's hosts file anti-malware solution.

Yes, I'm comparing Google to APK. If you're going to brag about your app store only having 80% of the malware it did last year, you have that coming...

Re:This is not good

[swillden]

If Google's solution still leaves 80% of the malware out there, it's not really successful in any practical way

You should re-read the summary. The PHA install rate was 0.08%, not 80%. The "20% reduction" is because the last year's PHA install rate was 0.1%.

Re:This is not good

[squiggleslash]

I never said the install rate was 80% (what on Earth makes you think I think that?)

The article is about Google reducing the number of malware installs by 20%. That's not a big number, and that's APK level bragging. It means Google's solution doesn't work.

Re:This is not good

[swillden]

The article is about Google reducing the number of malware installs by 20%. That's not a big number, and that's APK level bragging. It means Google's solution doesn't work.

It's a huge number, if sustained year over year in the face of innovative malware authors. This is an arms race, and Google is staying ahead, and widening the lead.

Better solution is NOT purely technical

[shanen]

Why are there so many dangerous apps?

Look at the motivations of the people creating the malware. That is how you find the better solutions.

On that basis, I'll repeat my old and oft-ignored suggestion for a different solution approach: SHOW THE MONEY!

My suggested implementation would be a "financial model" tab or section as part of the app's description. It would basically have two parts, (1) one part from the developer (or distributor) and (2) one part from the google.

(1) The developer would usually be able to select from a few well-known and legitimate options, and most apps are going to fit into those boxes. However the developer should be able to say anything, even including "The financial model of this app is a secret and I'm not going to tell you about it."

(2) The google's part would be outside of the developer's control, though there should be some negotiating room there, for example if the developer is willing to reveal extra information. In general, the google will be well positioned to report on such things as "There have been many registrations of the premium version of this app" or "Substantial advertising revenue has been paid to this developer." In trickier cases, such as the example above, the google might be able to say something like "We have confidentially reviewed the secret financial model and do not believe it to be a criminal enterprise" or "We are unable to say anything about the developer's financial model."

By following the money the potential victims will have a much better chance of avoiding getting victimized.

Time's up for now, but as usual, I bid you ADSAuPR, atAJG.

Re:Better solution is NOT purely technical

[tlhIngan]

Why are there so many dangerous apps?

Because the Google Play Store, unlike the Apple App Store, has generally been a free for all, letting developers post anything and everything without going through a review process. This was done as a counterpoint to the Apple App Store which requires all apps to undergo review.

So as developers rebelled against Apple for having their apps reviewed, they gladly created Android only apps, improving the ecosystem.

Of course, if you have a free for all, it's obvious that bad actors will move in - a unchecked app store where you can post anything and everything pretty much means it's soon going to be overrun with malware. That's not to say Apple's approach is perfect, but it adds a bit of "there's a chance I'll be caught" to it and Apple will simply not publish your app.

The problem now is that it's a lot harder to impose restrictions on what was once a free for all, versus Apple relaxing its restrictions on apps

Re: Better solution is NOT purely technical

[Cmdln+Daco]

Apple blocks whole categories of apps for reasons that have nothing to do with malware or privacy.

Wow

That's almost like 100%

80% of Harmful Android App Installs Foil Protect

Now correctly worded. Or it would be if we got more characters in the subject line.

crap

What a shit show. You shouldn't need app to protect you from Google's walled garden app store. That means the app store is completely broken.

Re: crap

[Cmdln+Daco]

You can't get an app to protect you from Apple's walled garden.

20 100

[DarkRookie2]

Its not all. I thought thats what the Store was for. Not installing malware on your phone.
The store is no better than downloading from the internet.