A lot of accusations have been made across the ages about Android and its security, and many have claimed some “issues” for many-a-reason. However, how many of these accusations are actually true and just how secure is Android? Well, Google has decided to try and prove a point and actually released a chart proving how Android’s multiple-layered security works. I’ll actually go ahead and post that chart below for you to see and not waste too much time searching for it:
Frankly, other companies and competitors love spreading Fear, Uncertainty and Doubt ( we’ll go ahead and call it FUD from here on ) about Android in hopes of turning people away from it. They love to exaggerate and make claims such as “Android’s malware issue is out of control” or such. Of course, the antivirus companies aren’t excluded from this category, as they also profit from the negative image spread about Android.
However, it’s not necessarily their fault. While these tactics are dirty, they’re pretty much common courtesy in the competitive business. They’re actually expected to do that, but they miscalculated on one small aspect. You see, until recently Google had no way of seeing the exact stats, until they finally managed to do it and posted the results in the above chart which illustrates its Multiple Layers of Defense at work.
According to a presentation by Android Security Chief Adrian Ludwig, there’s an estimate that less than 0.001% of application installst are able to evade the platform’s multi-layered defenses, defenses which include sandboxed permissions, app verification, trusted sources and runtime defenses. Also, in this number are included both the apps downloaded from Google Play as well as the 1.5 billion apps installed through other means ( like side-loaded apps or from alternate app stores ). So, in conclusion to this: when installing from non-Google sources, under 0.5% apps are flagged by the app verification system; from them under 0.13% of these apps end up being installed by the user; from those under 0.001% of these atempt to evade Android’s runtime defenses; therefore the number that can cause actual harm is smaller than 0.001% of the apps that users attempt to install.
Another valid question for which I have a very good answer is: which apps are most frequently flagged by the application verification system? Well, research presented by Ludwig demonstrated that nearly 40% of these flagged apps end up being “fraudware” ( or apps that make premium phone calls and text messages ), another 40% are rooting apps ( while these are “potentially harmful”, they’re not really truthfully malicious ), then there’s 15% of them that are commercial spyware ( awful little buggers that track things such as Internet behavior and collect your personal information ) and the remaining 5% is a various group of truly malicious apps.
Now, looking at the bigger picture, 0.001% is a very small number ( it equates to 1 in 100.000 being truly harmful ). Why ANYONE would be foolish enough to think that 1 in 100.000 is bad is beyond me. If you stop and consider it, there’s a heftier chance than that for you to die on your way to work. All things considered, the vast majority of users should be pretty safe by employing good security practices ( or simply leaving the default security settings ON without turning off any of the important stuff ) and just getting apps from trusted sources – if not that at least read all the permissions before-hand ( they’re not that many, it’s not like a User Agreement ).
Now without getting tangled in any overly-complicated conspiracy theories, it’s important to realize nobody here is to be trusted – while other companies can profit from Android Security FUD, so can Google themselves. No group is truly impartial here, not as long as there is something to be gained. The only true decision here in which you can trust fully is your own – it is up to you, the user, to decided your personal favorite and who’s word you want to take for granted.
In the meantime, Android still remains my favorite OS available yet ( position’s not fixed, however, and when something better will come along I won’t shoo it away automatically ). Also, I must admit that I was sort of “reckless”, as I’m not a user that just restricts himself to “trusted sources”. However, in my attempts to turn everything in my favor and in rooting my phone a month after getting it, I have not once had a problem with my device – be it on the hardware or the software side. It just goes to show you, with or without multiple layers of security, in the end the best guard of all is User Caution.