Why you can trust us

Engadget has been testing and reviewing consumer tech since 2004. Our stories may include affiliate links; if you buy something through a link, we may earn a commission. Read more about how we evaluate products.

Android security report shows why you should stick to Google Play

Malware attacks from outside Google's app store soared in 2015.

Many security-conscious types will tell you to only grab apps from Google Play if you want to avoid malware, and Google just provided a good reason why. The internet giant has released its second-ever annual Android security report, and it's clear that how secure you are depends heavily on where you go for software. Attempts to install malware within Google Play dropped significantly between 2014 and 2015, with no more than 0.15 percent of users grabbing some kind of rogue code. However, that figure shoots up to 0.5 percent when you consider all Android users -- Google says it saw an uptick in attempts to compromise devices beyond its app store.

A lot of that discrepancy stems from what Google can do to clamp down on malware outside its own walls. Google Play already had screening to prevent hostile apps from getting through, and Google says that it reduced the chances of installing those apps by 40 percent last year alone. There are security measures beyond the store (such as post-install app verification), but they're limited -- the same freedom that lets you use non-Google Play apps also lets people write malicious apps that Google can't always catch. Many third-party app stores can't or won't screen as thoroughly.

Things should get better this year. Google's monthly security updates are increasing the likelihood that you'll be safe against attacks, even if the patches don't always arrive on time or on every device. Also, the rising adoption of newer Android flavors (namely Lollipop and Marshmallow) both gives Google more control over web code and increases the odds of spotting suspicious behavior before it's too late. You'll know that these were effective if next year's security report is all sunshine and roses.