Google has released a white paper detailing what the Android security team's been working on in the last year. Of course, this is the company reporting on itself, but it at least offers an insight into the degree of security threats the company has to deal with. In 2014, the company noted 79 vulnerabilities, with 41 of them moderate. There's also high and critical severity levels, but nothing reached red alert status last year. 73 of these issues have already been delivered to Android's open source project, with six left to be added. (Phone makers and carriers get access to the vulnerability issues so they can patch before the issue is made public.) The paper goes on to detail how security's been beefed up on Google's mobile OS; Read on for more.
The paper notes that there's been two major updates since November 1 2014 (that's Android 4.4 and Android 5.0's preview), with the former now on over 41 percent of devices. These latest versions include better disk encryption, guest modes and improved authentication methods that allow guest users to use a locked device if they're a familiar face (literally), or near a trusted device -- say the guest's own smartphone. Devs also now have increased access to tools to detect (and fix) vulnerabilities, which should hopefully speed up solutions when something malicious appears.
The company's upgraded security has expanded to its Play online store front, with a "safety net" included that aims to protects users against non-app issues like network attacks. With regards to apps, the security team has found that less than one out of every million apps installed was deemed a malicious one. To identify PHAs (potentially harmful apps) before they even appear in Google Play involves a machine learning system that apparently pokes at millions of data points and relationship graphs for its security detection screen.
Google's data suggests that the percentage of Android phones that didn't have any PHAs stood at around 99.5 percent at its lowest in October 2014, although this figure excludes anyone that rooted the phone and, er, freed up the security system built into the mobile OS. Notably, this figure is from before both Android 4.4 and its successor. The company counts that it's got one billion devices protected by its Android security services: its Verify Apps service now scans over 200 million devices a day in the background, aimed at improving device security. Google is quick to add that none of your pics, location data or personal information is accessed. Phew.