Saturday, October 20, 2018

Android Security 2017 Year in Review

Originally posted by Dave Kleidermacher, Vice President of Security for Android, Play, ChromeOS, on the Google Security Blog

Our team's goal is simple: secure more than 2 billion Android devices. It's our entire focus, and we're constantly working to improve our protections to keep users safe.

Today, we're releasing our fourth annual Android Security Year in Review. We compile these reports to help educate the public about the many different layers of Android security, and also to hold ourselves accountable so that anyone can track our security work over time.

We saw some really positive momentum last year and this post includes some, but not nearly all, of the major moments from 2017. To dive into all the details, you can read the full report at: g.co/AndroidSecurityReport2017

Google Play Protect

In May, we announced Google Play Protect, a new home for the suite of Android security services on nearly 2 billion devices. While many of Play Protect's features had been securing Android devices for years, we wanted to make these more visible to help assure people that our security protections are constantly working to keep them safe.

Play Protect's core objective is to shield users from Potentially Harmful Apps, or PHAs. Every day, it automatically reviews more than 50 billion apps, other potential sources of PHAs, and devices themselves and takes action when it finds any.

Play Protect uses a variety of different tactics to keep users and their data safe, but the impact of machine learning is already quite significant: 60.3% of all Potentially Harmful Apps were detected via machine learning, and we expect this to increase in the future.

Protecting users' devices

Play Protect automatically checks Android devices for PHAs at least once every day, and users can conduct an additional review at any time for some extra peace of mind. These automatic reviews enabled us to remove nearly 39 million PHAs last year.

We also update Play Protect to respond to trends that we detect across the ecosystem. For instance, we recognized that nearly 35% of new PHA installations were occurring when a device was offline or had lost network connectivity. As a result, in October 2017, we enabled offline scanning in Play Protect, and have since prevented 10 million more PHA installs.

Preventing PHA downloads

Devices that downloaded apps exclusively from Google Play were nine times less likely to get a PHA than devices that downloaded apps from other sources. And these security protections continue to improve, partially because of Play Protect's increased visibility into newly submitted apps to Play. It reviewed 65% more Play apps compared to 2016.

Play Protect also doesn't just secure Google Play—it helps protect the broader Android ecosystem as well. Thanks in large part to Play Protect, the installation rates of PHAs from outside of Google Play dropped by more than 60%.

Security updates

While Google Play Protect is a great shield against harmful PHAs, we also partner with device manufacturers to make sure that the version of Android running on user devices is up-to-date and secure.

Throughout the year, we worked to improve the process for releasing security updates, and 30% more devices received security patches than in 2016. Furthermore, no critical security vulnerabilities affecting the Android platform were publicly disclosed without an update or mitigation available for Android devices. This was possible due to the Android Security Rewards Program, enhanced collaboration with the security researcher community, coordination with industry partners, and built-in security features of the Android platform.

New security features in Android Oreo

We introduced a slew of new security features in Android Oreo: making it safer to get apps, dropping insecure network protocols, providing more user control over identifiers, hardening the kernel, and more.

We highlighted many of these over the course of the year, but some may have flown under the radar. For example, we updated the overlay API so that apps can no longer block the entire screen and prevent you from dismissing them, a common tactic employed by ransomware.

Openness makes Android security stronger

We've long said it, but it remains truer than ever: Android's openness helps strengthen our security protections. For years, the Android ecosystem has benefitted from researchers' findings, and 2017 was no different.

Security reward programs

We continued to see great momentum with our Android Security Rewards program: we paid researchers $1.28 million, totalling more than 2 million dollars since the start of the program. We also increased our top-line payouts for exploits that compromise TrustZone or Verified Boot from $50,000 to $200,000, and remote kernel exploits from $30,000 to $150,000.

In parallel, we also introduced Google Play Security Rewards program and offered a bonus bounty to developers that discover and disclose select critical vulnerabilities in apps hosted on Play to their developers.

External security competitions

Our teams also participated in external vulnerability discovery and disclosure competitions, such as Mobile Pwn2Own. At the 2017 Mobile Pwn2Own competition, no exploits successfully compromised the Google Pixel. And of the exploits demonstrated against devices running Android, none could be reproduced on a device running unmodified Android source code from the Android Open Source Project (AOSP).

We're pleased to see the positive momentum behind Android security, and we'll continue our work to improve our protections this year, and beyond. We will never stop our work to ensure the security of Android users.
