With over 2 billion devices actively running Android, securing the wide variety and types of devices can be a challenge. But Google says that "Android security made a significant leap forward in 2017 and many of our protections now lead the industry." Google lays out its long-running efforts to fortify Android's defenses in a 56-page report when you can find here [PDF].
Rather than boring you with the minutia of the entire report, we'll instead hit some of the highlights. We must first describe how Google measures data with respect to malware in the ecosystem. It uses the term potentially harmful applications (PHA) as a performance metric throughout the document. Google first points out that downloading apps directly from Google Play is the best possible avenue to prevent a PHA from taking hold on your devices. The company states that user who download from Google Play are 9 times less likely to install a PHA than those that go through a third-party app store or other source.
In addition, Google Play Protect -- which was first introduced last year and runs as a background process on Android devices -- helps to ensure the integrity of the user experience. It automatically performs safety checks on apps (prior to being downloaded from Google Play) and can warn user if it determines that an app could put your device at risk.
"Google is constantly improving our tools and methods, applying new machine learning techniques, and updating our detection and response systems to protect against new vulnerabilities and PHAs," writes Google in the report.
This diligence has paid off, as the annual probability that a user would download a PHA from Google Play during 2016 stood at 0.04 percent. In 2017, that annual probability was cut in half to just 0.02 percent.
Google also touts stepped-up security methods introduced in Android Oreo, however, the operating system is only installed on just 1 percent of all Android devices globally. Google is taking steps to making updating easier with initiatives like Project Treble and has made continual system-wide updates to reduce permissions for apps that could "go rogue" with respect to hoarding user information. The company has also made great strides in getting security updates to users, as the number of devices these patches increased by 30 percent during 2017.
When it comes to exploits in Android itself, it has increased payouts via its Android Security Rewards, which allows researchers to rake in the big bucks for reporting vulnerabilities to Google before they are exploited in the wild. By rewarding researchers and making the cost-benefit ratio untenable for malicious hackers to weaponize exploits, Google is making the overall Android ecosystem safer.
In the end, we must realize that this is a Google-produced report that is of course going to toot its own horn. Android is a [relatively] open operating system sitting on market share hovering around the 80 percent range. It has a big target on its back that no one can ignore. Is the Android ecosystem more secure than Apple's walled iOS garden? We don't if we can really answer the question, but without a doubt, Android users -- especially those running Android Oreo -- are much better protected today than they were even a year ago.