Play Protect, the security service that arrived on Android last year, reviews more than 50 billion apps each day, Google claims.
Launched in May 2017, Google Play Protect brings together various security services for Android, many of which have been available for years, but without being as visible as they are now. Mainly designed to protect users from Potentially Harmful Apps (PHAs), it reviews not only billions of apps but also other potential sources of PHAs and user devices, and takes action when necessary.
Play Protect was designed to automatically check Android devices for PHAs at least once a day, and also provides users with the possibility to conduct additional reviews at any time. Because of these daily checks, nearly 39 million PHAs were removed last year, the Internet giant reveals.
According to Google, Play Protect uses various tactics to keep users and their data safe, including machine learning, which helped detect 60.3% of all Potentially Harmful Apps, a number expected to increase in the future.
Play Protect also receives updates to harden it against malicious trends detected across the ecosystem, the company says. Because nearly 35% of new PHA installations were occurring when the device wasn’t connected to a network, offline scanning was enabled in Play Protect in October 2017, resulting in 10 million more PHA installs being prevented.
Compared to 2016, 65% more applications submitted to Google Play were reviewed. The company removed over 700,000 Android applications from Google Play last year. According to Google, users downloading apps exclusively from Play were nine times less likely to get a PHA compared to those downloading from other sources.
However, Play Protect also protects users outside Google Play, and has decreased the installation rates of PHAs from sources other than the official store by more than 60%, Google notes in a blog post.
In addition to keeping users safe from harmful applications, Google focused on improving the process of delivering security updates for Android devices in 2017. Thus, 30% more devices received security patches than in 2016, the company says.
The Android Security Rewards Program and built-in security features of the Android platform allowed the company to patch critical security vulnerabilities in Android before they were publicly disclosed. Last year, the company also launched the Google Play Security Rewards Program, which offers bonus bounties for select critical vulnerabilities in apps hosted on the official store.
Throughout 2017, Google paid $1.28 million in rewards to researchers reporting vulnerabilities in Android (over $2 million has been awarded since the program started). The top payouts for exploits targeting TrustZone and Verified Boot were increased from $50,000 to $200,000, while payouts for remote kernel exploits were increased from $30,000 to $150,000.
At the 2017 Mobile Pwn2Own competition, no exploits successfully compromised the Google Pixel, while those demonstrated against devices running Android did not work on devices running unmodified Android source code from the Android Open Source Project (AOSP).
In January 2018, Google revealed that it did pay a team of researchers over $100,000 for a working remote exploit chain targeting Pixel devices.
Released in the fall of last year, Android Oreo brought a series of security improvements as well, including more secure network protocols, increased user control over identifiers, a hardened kernel, and more.
“We’re pleased to see the positive momentum behind Android security, and we’ll continue our work to improve our protections this year, and beyond. We will never stop our work to ensure the security of Android users,” Dave Kleidermacher, Vice President of Security for Android, Play, ChromeOS, said.