Google Slashes Android Malware in Half

When it comes to the sheer numbers of malware targeting mobile devices, there’s not been much in the way of good news for owners of devices running the Google operating system Android.

For instance, Cisco’s 2014 Annual Security Report, published in January 2014, found that 99 percent of all mobile malware actually targeted the Google Android operating system in the previous year. The largest malware category, by far, was illegitimate apps in unofficial marketplaces.

Since that report, it seems Google went to work to improve the security of its Android software.

Through implementing a series of security enhancements, Google says it has managed to reduce the amount of Android malware by half. And according to Google, in 2014, less than 1 percent of devices had harmful apps installed, and of those users who install apps only on Google Play (a wise move), that figure came down to 0.15 percent.

According to Google, there were a number of security improvements last year, such as full-disk encryption, more hardware- protected encryption, and enhancements to the Android application sandbox with SELinux-based Mandatory Access Control (MAC). Google also says that developers were provided better tools to find and fix or respond to security vulnerabilities. Hardware makers are also part of the plan to make Android more resilient. “We provided device manufacturers with ongoing support for fixing security vulnerabilities in devices, including development of 79 security patches, and improved the ability to respond to potential vulnerabilities in key areas, such as the updatable WebView in Android 5.0,” Google wrote in its report.

The end of 2014 saw two big updates for Android, with Android 4.4 and the Android 5.0 preview. Both updates came with security improvements as patch updates to fix recently disclosed vulnerabilities. According to Google, by early February, Android 4.4 became the most widely distributed version of Android and more than 41 percent of Android services that check in to Google services are operating Android 4.4 or higher.

They are outstanding numbers, but they don’t tell the full story. As eWeek’s Sean Michael Kerner wrote in his story Android Security Improved in 2014, yet Risks Remain, there are many people who still need to upgrade: “With Android 4.4 representing approximately 41 percent of Android devices, that means that more than half of all Android devices and the majority of Android users are running older software. The challenge and the risk is that not all of those older versions of Android are being actively maintained or patched by either Google or its Android handset partners.”

With that said, there is tremendous amount of work with phone makers and awareness among users underway so users of older Android devices can maintain their devices securely. And it’s just a matter of time before these enhancements make their way out to the broader user base.

Additionally, here are some security enhancements Google highlighted as part of Android 5.0:

Android sandbox reinforced with SELinux.

Android 4.4 required that SELinux be in enforcing mode for select system domains, and Android 5.0 now requires SELinux in enforcing mode for all domains. SELinux is a mandatory access control (MAC) system in the Linux kernel used to augment the existing discretionary access control (DAC) security model. This new layer provides additional protection against potential security vulnerabilities by reducing exposure of system functionality to applications.

Improved full-disk encryption.

Full-Device Encryption was introduced with Android 3.0, using the Android screen-lock secret to wrap a device encryption key that is not sent off the device or exposed to any application. Starting with Android 5.0, the user password is protected against brute-force attacks using scrypt and, where available, the key is bound to the hardware keystore to prevent off-device password brute-forcing attacks. On devices that ship with Android 5.0 out-of-the-box, full-disk encryption can be enabled by default to improve protection of data on lost or stolen devices.

Multi-user, restricted profile and guest modes for phones and tablets.

Android 4.2 introduced multiple users on tablet devices. Android 5.0 provides for multiple users on phones and includes a guest mode that can be used to provide easy, temporary access to your device without granting access to your data and apps.

Improved authentication for phones and tablets.

Android 5.0 introduced Smart Lock trustlets that provide more flexibility for unlocking devices. For example, trustlets can allow devices to be unlocked automatically when close to another trusted device (via NFC, Bluetooth) or being used by someone with a trusted face.

More can be found in the full Android Security 2014 Year in Review. report


  1. auguryharbinger says:

    Anything is safe until the user gives access via permissions to riskware.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: