Google says less than .001% of Android malware evades Google Play security to cause harm

Google says less than .001% of Android malware evades Google Play security to cause harm
Every month or so there is a new story that comes out about how much malware can be found on Android or in the Google Play Store. Unfortunately, most of the reports don't include all of the information that you'd expect. Stories about malware on devices often don't mention what harm is actually caused, nor that most malware comes from sideloading, or devices without the Google Play Store. And, stories about malware in Google Play don't tend to include stats on how quickly Google removes malicious apps. 

Google wants to tell its side of the story about malware, and not surprisingly, Google has a much different story to tell. According to Google’s Android Security chief Adrian Ludwig, there are multiple layers of Android security at work that end up with just .001% of malware even being able to attempt to evade security and cause problems. Of course, it should be noted that Google's numbers only include devices that have Google Play Services, and do not include non-Google Android devices which are often cited as being the most at risk for malware in regions like China and Russia. 

Interestingly, Google sees one major problem being that security researchers can estimate how many malware apps are out there, but they don't have Google's data on how often those apps are actually installed and go on to cause problems, which leads to exaggeration in reporting. Google says that the majority of malware on devices with Google Play comes from sideloaded apps, of which there have been about 1.5 billion installs. 95% of users have Verify Apps turned on, and .5% of that 1.5 billion non-Google Play installs give users a warning that they might be harmful. Of that .5%, Google estimates that 40% are community-created "rooting tools" (potentially dangerous, but not really malicious), 40% are fraudulent apps that try to steal money from the user's bill by making premium calls or text messages, and 15% are spyware, with the remaining 6% being mostly malicious apps that don't fall into the previous categories.

That warning leads to most users not installing the app at all. Just .13% will finish installing an app after a warning. This brings us to the .001% of apps that even attempt to evade runtime security, and some unknown number of apps that successfully evade security in order to cause problems. We would be interested to know what that number would be if people listened to the warning and didn't install any potentially malicious apps. 

Of course, all that said, you do still need to be careful, and you especially need to be careful if you are using an Android device that does not have a trusted app store on it, as any device that doesn't have Google Play Services is at a higher risk, especially if you have to rely on sideloading to get your apps. But, it should be noted that even Google's own data here is incomplete, because it doesn't mention anything about malware that evades detection in the Google Play Store and makes it out onto devices. Still, maybe this will help to quell some of the fearmongering that often surrounds Android. 

source: Quartz



1. Shatter

Posts: 2036; Member since: May 29, 2013

My question is has anyone on this site even gotten malware? From my understanding its mainly people who pirate apps that get it from people who release hacked versions of the app with malware in it.

3. SleepingOz unregistered

The ones who have never used Android will tell you they actually did.

7. JC557

Posts: 1921; Member since: Dec 07, 2011

Yup, the only time I had an instance of "malware" was downloading an outdated translation app from the Google app store. It kept sending me text spam and kept setting my GPS/ phone location to somewhere in the middle US. Be wary of apps that haven't been update in years and if most of the reviewers are in asian and other foreign languages. Other than that my phone hasn't seen viruses or other junk and I only sideload Flash.

10. Sakeem

Posts: 862; Member since: Sep 05, 2012

I haven't. I dont download 3rd party apps and i have been fortunate to not get hit with malware fromt he play store.

2. JMartin22

Posts: 2372; Member since: Apr 30, 2013

And that's the only instance people have bad things happen to them. When they're engaged in unlawful or morally questionable activity. This research cements that the hysteria that generally plagues Android as unsafe, in comparison to iOS, is a bunch of bullcrap. iOS isn't a "sanctuary" either by any means. It's been hacked and evaded; such as malware sweeping past their App Store and hackers bypassing their crappy fingerprint scanner.

4. blingblingthing

Posts: 978; Member since: Oct 23, 2012

Anyone well informed knows how secured his phone is. It is really sad ppl think android lacks security.

5. itsdeepak4u2000

Posts: 3718; Member since: Nov 03, 2012

Still the defense system and layers are very good on Android. Malwares chances are mostly from outside of Playstore.

6. Berzerk000

Posts: 4275; Member since: Jun 26, 2011

Glad to see Google is finally putting all those ridiculous malware reports to rest.

8. Sniggly

Posts: 7305; Member since: Dec 05, 2009

I do find it interesting that in stark contrast to an OS like, say, Microsoft's Windows platform, Google actually has taken the time to build up a pretty strong fortress of security around Android, instead of forcing customers to invest in hundreds of dollars of antivirus apps. This is one of so many reasons I think that Google could destroy both Apple and Microsoft in the PC realm if they start pushing full Android powered desktop and laptop computers. In fact, perhaps that is WHY they're publishing this report now. Perhaps Google is priming the public for selling points on Android as a computer OS choice as preparation for Kitkat and 64 bit/computer support.

9. ScottSchneider

Posts: 336; Member since: Dec 06, 2011

Well... This is a Nice way to say it... Hats off Sniggly... +1

11. Googler

Posts: 813; Member since: Jun 10, 2013

I think the world is ready for a high profiled name to make the computer war a three way dance. Linux almost pulled it off and Ubuntu shows a tremendous amount of potential but they don't have the household name that Google does. I would welcome more options.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.