Based on data collected by Google, less than one percent of Android devices had a potentially harmful application installed last year. This includes devices on which users have installed applications from outside the official Google Play store.
The data was collected through a feature called Verify Apps that was first introduced in Android 4.2 back in 2012. The feature, which was also backported to Android 2.3 and higher in 2013, checks locally installed applications for potentially harmful behavior regardless of whether they were downloaded from Google Play or other sources.
Verify Apps initially scanned applications only at installation time, but since March 2014 it also performs background scans, so it can later detect malicious applications that weren't flagged when they were initially installed.
It can detect threats that fall into several categories: Generic PHA (potentially harmful application), Phishing, Rooting Malicious, Ransomware, Rooting, SMS Fraud, Backdoor, Spyware, Trojan, Harmful Site, Windows Threat, NonAndroid Threat, WAP Fraud and Call Fraud.
According to Google's data, the number of devices scanned by Verify Apps has increased steadily since the feature was first introduced, reaching over 200 million devices per day in November 2014.
Prior to October 2014, Verify Apps did not differentiate between devices that only installed apps from Google Play and devices with the "unknown sources" security setting enabled, which allow apps to also be installed from third-party apps stores and other sources, an action commonly known as sideloading.
Sideloading is believed to increase the risk of malware infection for Android devices. Unlike third-party app stores, Google Play has automated mechanisms in place to scan and detect potentially harmful apps uploaded by developers, so it's viewed as safer, even though some malicious applications do sometime make their way into the official store.
"During October 2014, the lowest level of device hygiene was 99.5% and the highest level was 99.65%, so less than 0.5% of devices had a PHA installed (excluding non-malicious Rooting apps)," Google said in a report released Thursday.
On Android, rooting is the process of gaining access to the highest privileged account on the system, called root. This is used by power users to enable advanced functionality that's normally restricted by default, or can be used by malware to escape the Android application sandbox and read data from other apps. So, rooting tools can be both non-malicious and malicious — usually in the form of exploits.
Devices that have been rooted, intentionally or otherwise, are believed to be at higher risk so Android's Verify Apps scanner can detect both types of rooting apps.
In October, approximately 0.25% of devices had a non-malicious Rooting application installed, Google said.
Some general statistics in Google's report are based on data collected between November 2013 and November 2014, but those that break down data between devices with Google Play-only apps and those with sideloaded apps only cover a two-week period — mid-October to Nov. 1.
Sign up for CIO Asia eNewsletters.