By Google's admission, up to five million Android users are plagued by malware

From its new 'Material Design' language to new smartwatches and Android TV, Google had plenty to announce during the keynote at its I/O conference yesterday. Alongside its big announcements, the company also shared some interesting statistics about the growth of its Android platform. 

For example, did you know that Android users collectively check their phones 100 billion times a day? Or that 93 million selfies are captured with Android handsets each day? Perhaps these figures aren't entirely surprising given that Android now boasts over one billion active users - an astonishing number, by any standard. 


Google's Sundar Pichai downplayed the issue of malware on Android... 

But there was another interesting statistic that many, including us, missed during the keynote, but which BGR highlighted today. Among the many subjects covered during the event was the issue of malware and Google's efforts in "security innovation" on the platform. Sundar Pichai, head of Android, said: "Based on every data we see, well, well less than half a percent of users ever run into any malware issues." 

Viewed purely as a percentage, that's a pretty low statistic. But when you're talking about a platform with a billion users, that 0.5% translates to as many as five million people suffering malware problems. 


...but as Apple's Tim Cook noted, Android still has more malware than all other mobile platforms combined

Pichai said that the company is now pushing security updates to Android handsets via Google Play Services "in order to get them to users within six weeks". Earlier this year, Google also introduced on-device monitoring as a further measure to fight against rogue apps. 

Source: BGR 

Report a problem with article
Previous Story

Microsoft updates Skype for Windows Phone, including Cortana integration

Next Story

Adobe launches Photoshop Express for Windows Phone, finally

65 Comments

Commenting is disabled on this article.

Only three ways of Google knowing FOR SURE the exact number.
1. If they where the ones that installed the malware.
2. If They scan each and every phone for malware.
3. If they track the data from the phone and determine by their own logic that is malware.

I doubt that any of the 3 are the case (as that would make an Android a compromised platform, making the malware argument moot, as the OS itself would be malware.) Assuming that neither of the 3 are likely, that leaves one option.

- The figures are estimates.

Which begs the question. Estimates based on what?

And if this is the case, they have no way of knowing for sure what is the real percentage of users affected. Nor should they know. A user should be responsible for their own device.

"There are lies, damned lies, and statistics." -- Samuel Clements.

BTW:
Why exactly is google collecting information of the calls each user does? Shouldn't that information be only between you and the company that provides you the phone line? What else is collected?

Ok so they said there are 1 billion active Android users (in a 30 day window) but phones are checked 100 billion times a day? Even if those 1 billion active Android users used their device every day, and all those devices were phones... who checks their phone 100 times a day?

Hello,

Mr. Pichai is quite correct that the amount of malware affecting Android is quite low. However, he is also being rather disingenuous. Right now, the greatest threat Android users face on their devices from apps is not malicious software, but Potentially Unwanted Applications ("PUAs"), which are classified differently than malware by developers of anti-malware software.

Potentially Unwanted Applications (also known as Potentially Unwanted Programs, etc.) is a term used as an umbrella to categorize programs which do not engage in behaviors that can be termed malevolent outright, but engage in sorts of behavior that some people find undesirable, such as collecting personally identifying information about the user: displaying overly intrusive advertising; making unsupportable, unreproducible and otherwise unverifiable claims about their abilities ("makes your device 10X faster," etc.); and doing other activities, that while objectionable to some users, may perform some kind of action that others want (or are willing to put up with in exchange for that functionality).

The amount of PUAs in the Android ecosystem is much higher than the amount of malware, and it is not exactly unsurprising that Google made no mention of this in their presentation.

Regards,

Aryeh Goretsky

Considering 1B users are running Android and only this small number have such is pretty remarkable. Wonder how Windows stands up. I would say, as long as you don't sideload apps, install crap from the Play Store and don't install custom roms or root, you likely won't have any problems.

I've not had any malware on any of my Android phones. I only install apps from reputable devs. I don't download themes and wallpaper apps anymore. If I want wallpaper, I go on Google and save them from a web page. Not by installing apps.

Since most computers users are stupid in general, the fact this number is so low vs how many people are on the Android as a whole, it looks like the vast majority are doing well, which is pretty much where most OS' are. Its never going to be 100%. Apple devices have malware too. After all, how does an app get through the so-call rigorous checks and get approved, only to be remove later without question or answer?

Hi_XPecTa_Chens said,
Wonder how Windows stands up. I would say, as long as you don't sideload apps, install crap from the Play Store and don't install custom roms or root, you likely won't have any problems.

As long as you don't install a fake antivirus app (sideload), you're probably not going to get infected on Windows. Most of it is social engineering.

...Meanwhile Windows Phone looks up from his paper to see what the rackets about, promptly shakes his head and back to reading his paper...

:D

Silver47 said,
...Meanwhile Windows Phone looks up from his paper to see what the rackets about, promptly shakes his head and back to reading his paper...

:D


More like, "Windows Phone feels oddly snubbed."

I love WP, but I have no illusions - our marketbase is too small to justify attacking right now. Android, like Windows, is where you'll get the best ROI.

Chikairo said,
... our marketbase is too small to justify attacking right now.

I think it's more than that.

I think it's just too damn difficult to get an app approved by the automated vetting process Microsoft use in their store.

deadonthefloor said,

I think it's more than that.

I think it's just too damn difficult to get an app approved by the automated vetting process Microsoft use in their store.

That, and the limited APIs and sandboxing don't allow you to do much harm. You'll never get an app approved if it uses unsafe APIs.

google wouldn't know. most AOSP devices don't talk back to the google empire for them to know just how badly infected they are. additionally, any good malware would ensure even nexus devices don't tell google their dirty little secrets.

android is indeed the epicenter of the largest virus infection on earth and a title it has rightfully stolen from MSFT. off course google wouldn't admit to it, but they know about and they really can't do anything. All that talk doesn't help the fact android is a security vulnerability on the waiting after another.

Android worse that Windows for malware? Ummm, ok. Malware has been a problem on Windows for decades and is still going strong even on Windows 8.

Main issue with Malware is the user itself doing stupid things. MY sister used to download and use Kazaa all the time and get infected more than a 2 dollar hooker. As soon as I educated her, she has not gotten any malware in years. Same with the rest of my family. Education and proper usage is key here. MS and Google can only do so much to protect the user and users must take responsibility.

Seems like the mentality around here is Android gets malware = being insecure, vulnerable, and more holes than swiss cheese. Windows = OK, no problems, and as secure as the Kings daughters virginity.

techbeck said,
MY sister used to download and use Kazaa all the time

Ouch. The Gnutella/FastTrack/Kad/etc networks have caused me more extra work than anything else when it comes to cleaning up people's mistakes.

Max Norris said,

Ouch. The Gnutella/FastTrack/etc networks have caused me more extra work than anything else when it comes to cleaning up people's mistakes.

After working remotely from AZ, she was in IL, for several hours cleaning her PC, I told her next time she does this, she will be paying me or someone else to fix it. It was really infected and normally I would wipe and start over on a PC that badly infected. But since I was 2k miles away, I had little options.

Meh it's not a surprise. If you're allowed to install third party software on it you can get malware, without exception. Android's got a lot of users, so there's going to be more cases. If you don't practice safe computing habits your odds go way up. It's not rocket science.

...but as Apple's Tim Cook noted, Android still has more malware than all other mobile platforms combined.
Har Har This is rich.....
Generally, when you start slamming the competition it means you are scared of it. It's funny as I am one of the 1 Billion Android users and never had malware on my Note II. Who do I "blame" that on?

Never had an issue either, nor did my friends, most of them use android. I don't know what you guys do with your phone. I guess years of using Windows told me that sometimes you need to check before installing suspicious apps.

xrobwx said,

It's funny as I am one of the 1 Billion Android users and never had malware on my Note II. Who do I "blame" that on?

oh really? and you know this how?
do you think the malware lets you know its phoning home while collecting your contacts and personal information?

Mr.XXIV said,
Really..

Yeah, really. I was implying by fact that it is the user that is mostly to blame. It goes back to the old, old argument of: If you take an android phone, sit it on a shelf for 2000 years it will never obtain malware until a user picks it up and installs malware on it by some act, usually involving the tip of a finger.

LeGourmand said,
Never had an issue either, nor did my friends, most of them use android. I don't know what you guys do with your phone. I guess years of using Windows told me that sometimes you need to check before installing suspicious apps.

It depends on the definition of malware any 1 person is working under. It's a disingenuous term, most people only think about hi-jack software as malware, but it's really any piece of software that does something other than what it's presented itself as doing. I've downloaded perfectly legitimate looking apps, and suddenly my device is consuming hundreds of megs of data from push ads.

Adam1V said,
oh really? and you know this how?

Same way you tell if your PC is infected. Use a program that scans for malware. Also, make sure you are downloading from good sources and from the company who actually makes the software. And chances are, other users already detected the malware so read the user reviews.

This isnt hard. I have not personally had malware in well over a decade on any of my systems.

xrobwx said,
I was implying by fact that it is the user that is mostly to blame

And that's an Android/Windows core developer's fault to let it happen to their users, even when they're stupid.

techbeck said,

Same way you tell if your PC is infected. Use a program that scans for malware. Also, make sure you are downloading from good sources and from the company who actually makes the software. And chances are, other users already detected the malware so read the user reviews.

This isnt hard.

Bruh, last time an Android user tried to check for infections, it turned out the app was fake.

Mr.XXIV said,

Bruh, last time an Android user tried to check for infections, it turned out the app was fake.

Fake apps are not malware. Otherwise, the percentage would be more that .5 percent. Like VirusShield. Wasnt malware, just scammed people out of money.

Mr.XXIV said,

Bruh, last time an Android user tried to check for infections, it turned out the app was fake.

Oh man, I hope you serve burn medicine with statements like that. Genious. Best line ever.

techbeck said,

Fake apps are not malware. Otherwise, the percentage would be more that .5 percent. Like VirusShield. Wasnt malware, just scammed people out of money.

Still doesn't excuse the fact that Google lets some crap bypass to their users.

Mr.XXIV said,

Still doesn't excuse the fact that Google lets some crap bypass to their users.

Fake apps are found on all platforms. Virus Shield was also found in the WP App store. Fake Google apps were also found in the WP Store. Crap happens.

techbeck said,

Fake apps are found on all platforms. Virus Shield was also found in the WP App store.

Nobody is disputing that. It's the overwhelming majority that occurs on Android OS.

techbeck said,
.....

I think what Mr.XXIV is saying is how can you scan for malware when the malware app is a fake app.

What malware scanner do you use for your Android?

What do you do when your Malware learns to hide from your scanner?

Truth is, people don't know what their phone or PC is doing unless they're examining the packets going out.

techbeck said,

Fake apps are not malware. Otherwise, the percentage would be more that .5 percent. Like VirusShield. Wasnt malware, just scammed people out of money.

That's what malware is... programs that don't work as intended and cause you harm.

Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Fake apps do not fall in this group. Otherwise, malware would be rampant on iOS and WP as there are lots of fake apps in all app stores.

stevan said,

Nobody is disputing that. It's the overwhelming majority that occurs on Android OS.

It's the same as with Windows on PC's. Since it has the majority of marketshare it will be targeted more.

Mr.XXIV said,

And that's an Android/Windows/Apple core developer's fault to let it happen to their users, even when they're stupid.
There fixed that for you. :)

Bruh, last time an Android user tried to check for infections, it turned out the app was fake.

WTF is bruh?

stevan said,

Nobody is disputing that. It's the overwhelming majority that occurs on Android OS.

Why is that surprising considering Android has 80% of the market?

6 weeks to get a security patch? That's not very reassuring.

Also, that picture is a great example of marketing in action. Combining the words Android and Security Innovation is...imaginative. Still, I like that they're honest when they say that you have to factory reset your phone to remove the malware.

Excuse me. Seems they can't count. Over here in Asia the market accounts for somewhere around 65% of all Android devices. Reports here state that as many as 94% of these devices are infected with Android malware. I'm slightly numerate. I know for a fact that 65% of 94% is a little bit larger than 5%. Quite a bit larger if you ask me.

Time for Google to come clean.

techbeck said,
....

Using Major_Plonquer's numbers:

65% of 1Billion users = 650,000,000

94% of 650M = 611 Million infected.

Quite a disparity from Google's estimate.

He was talking about specific markets. Google was talking about less than half a percent of 1 billion users. Of course if you are market/region specific, the stats will be different.

techbeck said,
He was talking about specific markets. Google was talking about less than half a percent of 1 billion users. Of course if you are market/region specific, the stats will be different.

Seriously you can't see the difference between:
611,000,000
5,000,000

?

deadonthefloor said,

Seriously you can't see the difference between:
611,000,000
5,000,000

?

Seriously, can't you tell the difference between "Asian market" and "all android users"

Xenon said,
Is that from apps from google play or apps people install from other web site sources?

There were reports a while ago that .1 apps on the Play store were infected and most malware comes from 3rd parties.

Javik said,

Seriously, can't you tell the difference between "Asian market" and "all android users"

Exactly. Major was just talking about the Asia market while Google is talking about world wide.

Maybe I am missing something....

Edited by techbeck, Jun 26 2014, 6:46pm :

Javik said,

Seriously, can't you tell the difference between "Asian market" and "all android users"

So, did Google omit the entire Asian market when providing their numbers of the whole base of users? If 611,000,000 of your 1 billion users are infected with malware, then the 5% figure is inaccurate. If true, this is troubling. Though, I'd like to see a source for the Asian market's figure, as that's pretty damned high.

Major_Plonquer said,
Excuse me. Seems they can't count. Over here in Asia the market accounts for somewhere around 65% of all Android devices. Reports here state that as many as 94% of these devices are infected with Android malware. I'm slightly numerate. I know for a fact that 65% of 94% is a little bit larger than 5%. Quite a bit larger if you ask me.

Time for Google to come clean.

I'd love to see citations for that number. And definition of malware (which I find to be more nebulous than "virus," "Trojans," "spyware," etc).

NeoTrunks said,

So, did Google omit the entire Asian market when providing their numbers of the whole base of users? If 611,000,000 of your 1 billion users are infected with malware, then the 5% figure is inaccurate. If true, this is troubling. Though, I'd like to see a source for the Asian market's figure, as that's pretty damned high.


Google's numbers come from the Play Store. Not some irrelevant third party crap store, which is where like 95% of Android malware comes from. The fact that a lot of places in Asia don't have access to Google Play, is one of the reasons why malware numbers are so much higher there.

Javik said,
Seriously, can't you tell the difference between "Asian market" and "all android users"

Yes, I can. Asian market is a subset of All android users.
Meaning, the 1Billion users is made up of 650 Million users from the asian market and the rest of the markets combined.

I honestly can't understand how phandroids can't grasp simple math when it negates Google's word.

NeoTrunks said,

So, did Google omit the entire Asian market when providing their numbers of the whole base of users? .

Kinda doubt they would leave out Asia. Would be pretty obvious and everyone would be reporting on it. If they did, pretty big screw up.

deadonthefloor said,

I honestly can't understand how phandroids can't grasp simple math when it negates Google's word.

We are just having a convo so relax. Besides, there are people all over that will take what company they like word over any one else. Our those that won't believe anything a company says. Then there are those who wait for more info and give their opinion. Like what is going on now.

Unless you are blind deaf and dumb, I doubt many are taking Googles word in this. . Especially since nothing has been revealed about how they aquired this data. But there is nothing to dispute it because of again, lack of more info.

NeoTrunks said,

So, did Google omit the entire Asian market when providing their numbers of the whole base of users? If 611,000,000 of your 1 billion users are infected with malware, then the 5% figure is inaccurate. If true, this is troubling. Though, I'd like to see a source for the Asian market's figure, as that's pretty damned high.

No, they didn't. The guy that wrote that was obviously talking complete crap. Put simply, 66% of all Android phones are not infested with malware, it's ridiculously improbable.

deadonthefloor said,

Seriously you can't see the difference between:
611,000,000
5,000,000

?

Seriously, you are confident with that 94% figure (which induces your calculation) provided by who knows who?

I'd be willing to place a pretty large bet that the 94% figure is both a misremembered and inappropriately applied incarnation of the info from the F-Secure threat report for 2013. http://www.forbes.com/sites/go...the-easy-way-you-stay-safe/

To put it simply, that 97% figure is a percentage of new malware discovered in the wild which targets Android (of 827 new pieces of malware spotted in 2013, 804 of them target Android). It doesn't say anything about actual penetration. That metric comes later, where they report a mere 140,000 detections (unfortunately, there's no sample size listed, so it's hard to tell what that means, but there's likely incidences of multiple detections on a single device, and if they were able to capture a sample of even 1% of Android users, that means their figure [which amounts to 0.5-1.5%] is a mere statistical anomaly away from the 0.5% reported by Google).

And hey, what's this quote from the section of the report talking about Asia?
"Though the vast majority of the detections related to potentially unwanted applications (PUA), which are of relatively little concern, the most common malicious program we see being reported in the country is Trojan:Android/GinMaster. This malware is distributed in a trojanized app and when installed, uses an exploit to install additional applications on the device and steal information.

"As with most Android apps we identify as malware, these programs are mainly distributed through third-party app stores.

"More generally, India continues to report a wide range of detections that were once more common but have, in most countries, become almost extinct. Specifically, variants in the Sality, Ramnit and Autorun families (a polymorphic file infector, a worm with file infection capabilities and a worm, respectively) are prominently featured in the country's statistics. Again, these threats were addressed years ago by the developers of affected software, and their continued presence in the country points to an abundance of machines running older, un-updated software."

And how about this one where they start summing up Android? (Capitalization corrected, because this line originally appears in all-caps in the report.)
"As of the end of H2 2013, the number of known vulnerabilities on the android platform remains remarkably low, considering the amount of software carried in the whole ecosystem."

So yeah. I tend to believe that Google's figure is accurate, and Major_Plonquer is both British and particularly adept at choosing screen names.

.5 percent is a very low percentage and it doesnt state where the Malware is coming from. There were reports that .1 percent comes from the Play Store. Users stupid with their devices, they will have problems.

And he said less than half a percent, not half a percent. So it is not .5 out of a billion and the number is probably lower according to Google. But of course, no exact figures.

Edited by techbeck, Jun 26 2014, 5:03pm :

Half a percent on a closed system is crazy high. There are probably less than 10000 malware infected iPhones and basically none through the app store. Modern versions of Windows (phone, 7, 8, RT) are the same. Very low. Mac OS is actually a bit higher now, but they are pretty quick at updating the OS to fix each infection.

I love Android, but there have been LOTS of popular infected Apps in the App store, and I ran AV on my android phone when I used one. Now I use an Ativ S and don't worry about it.

techbeck said,
.5 percent is a very low percentage and it doesnt state where the Malware is coming from.

I think we know exactly where it's coming from.
Those 0.5% of users that are stupid enough to install my_hot_pic.jpg.apk :rolleyes:

Are they claiming that 0.5% of users have ever been compromised by malware, or that 0.5% of users at any given time are infected?

If they claim its option 1, they are lying, and if they claim option 2 then that is a really bad metric.

blaktron said,
Are they claiming that 0.5% of users have ever been compromised by malware, or that 0.5% of users at any given time are infected?

The most logical would be 0.5% of current/recent users.

It's not an issue for the vast majority, but you'd be amazed at how many people install cracked apps from who knows where just to save a buck or two...I suspect that's where a big chunk of the problem comes from.

Hahaiah said,
It's not an issue for the vast majority, but you'd be amazed at how many people install cracked apps from who knows where just to save a buck or two...I suspect that's where a big chunk of the problem comes from.

Someone on a forum posted an apk for my rooted phone that gives me extra features and it was on a forum so it must be safe!