Today, Google released its fifth annual security and privacy report. Despite an overall increase in potentially harmful application (PHA) downloads -- due to the fact that click fraud is now included in the PHA category -- Google is optimistic, saying the "overall health of the Android ecosystem improved."
More specifically, the percentage of PHAs downloaded from Google Play increase from 0.02 percent in 2017 to 0.04 percent in 2018. "If we remove the numbers for click fraud from these stats, the data shows that PHAs on Google Play declined by 31 percent year-over-year," the report says.
Google doesn't have an easy task of securing the more than two billion Android devices worldwide. But with its AI-driven Google Play Protect, which debuted in 2017, it's able to scan over 50 billion apps daily. In 2018, Google continued to build on Google Play Protect's machine-learning capabilities.
Other statistics support the drop in PHA installs. In 2018, 0.45 percent of Android devices running Google Play Protect had PHAs installed. That was down from 0.56 percent in 2017. And Google Play Protect prevented 1.6 billion PHA installation attempts from outside of Google Play -- though the report doesn't say how many installation attempts it blocked inside Google Play.
Still, despite Google's best efforts to protect Android devices, we've seen malware resurface on Google Play simply by using a new publisher and new app names, and a massive ad scam stole millions of dollars. Earlier this month, Check Point researchers alerted Google to adware nicknamed "SimBad." Google removed 210 infected apps, but not before they'd been downloaded 150 millions times. With click fraud on the rise -- it accounted for 54.9 percent of the total PHA installation rate and mainly targeted the US, Brazil and Mexico -- that might be Google's next big challenge.
You can take a look at the full report here.