With over two billion active Android devices worldwide the Android security team is devoted to securing android devices to prevent lost time, revenue or essential data. The recently published fifth annual Year in Review report is geared towards updating customers, partners and Android users and includes the “many advancements that the Android Security and Privacy team has made over the last year and gives you a transparent look at some of the key metrics we’ve collected.” Android’s massive investment and continuous improvement in security and privacy technology and operations have
The core pillars of layered security, transparency and openness, and Google-backed intelligence are the main concepts that permeate the report. The report contains six contents categories, an overview, Android Platform Security, Google Play Protect, Ecosystem Data, PHA Families and lastly, acknowledgements.
The report includes an overview with two subsections entitled “Our Strategy” and “The Best of Android Security & Privacy in 2018”. “Our Strategy” includes three pillars: Layered Security, Transparency and Backed by Google. The second section includes discussion on Potentially Harmful Applications (PHAs) and Google Play Protect’s role in thwarting PHAs.
Android platform security and privacy section includes subsections on “Updates and features” and “Vulnerability rewards and updates. “Updates and security features” includes information on Android 9 security and privacy features. Whereas “Vulnerability rewards and updates” contains the interesting subjects, “Android security rewards programs”, “Security research competitions and zero day vulnerabilities”, “Researcher partnerships”, “Android security updates program” and “App security improvements program.”
Google Play Protect contains information regarding “the most widely deployed mobile threat protection service in the world” and how it keeps Potentially Harmful Applications (PHAs) at bay. The article section includes the subsections, “New features and improvements in Google Play Protect and Find My Device”, “Improvements in cloud-based security analysis” and “System image scanning.”
“Ecosystem Data” further elaborates on “Potentially Harmful Applications (PHAs)” including User-wanted PHAs and Mobile unwanted software (MUwS). “Device and ecosystem hygiene” details measuring device hygiene and includes such outstanding facts as the following:
“In 2018, 0.45% of all Android devices running Google Play Protect had installed PHAs, compared to 0.56% of PHA-affected devices in 2017. This equates to a 20% year-over-year improvement to the health of the Android ecosystem.”
“PHA distribution analysis” determines how PHAs are distributed inside and outside of Google Play.
The fifth section of the report, “PHA Families,” elaborates on the Potentially Harmful Applications (PHAs) families that Google Play Protect occasionally detects: Chamois, Snowfox, Cosiloon, BreadSMS, View SDK, Triada, CardinalFall, FlashingPuma, EagerFonts and Idle Coconut.
Finally, “Acknowledgments” recognizes the Google teams, Android partners, and the external researchers that help make Android safer everyday.