Skip to main content

Google says it cut Android malware in half in 2014

Google says it cut Android malware in half in 2014

Share this story

Google has been cracking down on Android malware, and according to a new Android State of the Union report, it's starting to see real progress in the fight against harmful software. The new report says that the global rate of harmful software installs fell by 50 percent over the course of 2014. By Google's accounting, only 1 percent of Android devices had a harmful application installed in 2014, and for when devices only installed applications from the Google Play store, that number fell to .15 percent.

"We thought it was really important to put as much data as we could out there."

Those are broad numbers, based on Google's own definition of Potentially Harmful Applications, but Google is also offering a 44-page report for those seeking more details, covering everything from ransomware to SMS abuse. "We thought it was really important to put as much data as we could out there," said Adrian Ludwig, the lead engineer for Android security. "I kind of apologize for the fact that it's 40-some pages, but hopefully next year it will be 150 pages and we'll get even more data." It's part of a larger ecosystem cleaning effort at Google, which also includes keeping an eye out for potentially harmful Chrome extensions. Last week, Google engineers announced they had disabled nearly 200 harmful extensions in Chrome, which collectively affected roughly 14 million users.

The report doesn't mention Android's recent WebView vulnerability, affecting Android phones running Jelly Bean or older, which Google controversially declined to patch earlier this year. But Ludwig defended the decision as the best way to protect Android users in a fragmented ecosystem. With many phones cut off from Android updates, Ludwig told The Verge, the best option was to alert applications that it was time to leave WebView behind. Most major mobile browsers have already made the necessary shift. "Those older devices simply were not receiving updates. So making the updates available to OEMs, while we continue to do that, it didn't mean that the updates were getting to users," Ludwig said. "The applications are actually able to be more nimble and more responsive."