Harmful Apps on Android Play store

Posted on August 30, 2019


I am often asked about the potential for the apps on the Play store to be harmful, and therefore make using Android devices unsafe in an enterprise setting.
And I think that in the early days of Android this was a perceived risk, and was often true.
However, the Android team have been tackling this problem through the use of anti-malware scanning, and indeed their solution is the largest anti-malware system in the world.
The rates of scanning for the Play store and the 2.5B devices that use it are quite staggering.
Currently 50B, yes that’s 50 billion, apps are scanned every day, and are verified as safe. This verification is carried out by your Android device in the background. This daily scan allows for rapid responses to any malicious code that is found, and the exploit window remains short.

The Play store itself also scans the code of the apps that are in the store. It will verify all apps that are uploaded for publication. However, it does not rely just on this one-time inbound check, as that would mean that currently unrecognised malicious code in an app would remain in place. Therefore they also recheck 500k apps every day with the latest verification codes.

What this means is that if you use apps from the Play store (for personal or business use) you can be quite certain they are free from malicious code.
You’ll notice I said quite, not absolutely. So what is the risk?
For 2018 the chance of downloading a Potentially Harmful App (PHA) was 0.04%.
And that’s just the download, remember your device will re-scan every day (hence the 50B scans mentioned above) and thus if the PHA is subsequently recognised as malicious then it will be caught in the daily scan, or at least that’s the theory.

By the way, if you download apps from app stores other than the Play store, the PHA percentage goes up to 0.92%. Orders of magnitude more. Indeed back in Q1 2017 that figure was 2.5%, so progress is being made in the indie or OEM stores. In contrast the PHA percentage for Play has remained at or around 0.04% during that period.

Also, when did your Android phone last tell you it had found a bad app?

I’m not an apologist or blinkered Android fanboy, however I did want to help you evaluate the risk for yourself.

I took the data from presentations at the Android Enterprise, so they should be accurate and truthful, and as they said at the summit,

Android is ready for business.
