In order to allow Android users to more fully understand the situation of the Android system, Google since the year before the start of the Android application security survey. Google released the first Android system security report last year, Google released this week, second copies, which is the year 2015 Android system security report. 2015 annual Android system security report in the form of PDF documents provided to the outside world to download, a total of 46 pages of documents. We selected part of the detailed analysis of potential harmful software (Potentially Harmful Applications, PHA)
Google a total of potentially malicious software is divided into ten major categories, namely data collection, spyware, Trojans, malicious downloads, phishing, permission to upgrade, backdoor, SMS fraud, WAP fraud and Rooting.
Above figure 1: the proportion of Play Google in 2014 and 2015, the proportion of potential malware
From the chart we can see Google play in potentially malicious software in the vast majority of is because the collection of data was found, other categories of potentially malicious software, the sum of the number not to half of the data collection.
In addition, from the above data we can see that the total proportion of potential malware in Play Google in 2014 and 2015 are: 0.24% and 0.13%.
This does not mean that the threat of Android applications less, on the contrary, the threat of Android application is not only not reduced but increased year by year. Data reduction is only Google audit and scan more stringent blocking a lot of PHA.
Figure two: the proportion of potential malware in the third party app store in 2014 and 2015
Figure third is the two party app store potentially malicious software in 2014 and 2015 compared to the figure, we find it is very easy to find the situation is very bad.
In which the data collection software increased two times the previous year, malicious downloads compared to the previous year, an increase of forty-two times, the authority to improve over the previous year increased by eleven times.
Use Android devices of the students should be relatively easy to understand the above, because many software installed will applications do not need to access, such as a flashlight app to obtain position, obtained from the address book, read / send text messages, and so on.
And malicious downloads are more common things, such as integral wall this kind of force users to download an application to remove the integral wall at least still is open and aboveboard.
And do not know how many users of Android devices have been reduced to a new era of chicken, the background automatically download all kinds of promotional APP, analog click and so on to help some criminals to make money.
Figure 2 we also see the root class application in 2014 and 2015 are high. In China, for example: on the one hand, mobile phone manufacturers in order to earn more profits will be pre installed many can not uninstall the application, if the user wants to uninstall must root to unload; on the other hand, in addition to essentially requires the root user a considerable part of the user is in shady among is root.
In China's third-party applications store root class application is endless, in addition to this part is in order to root and the development of application and require the use of the direct integration of the root function directly in the background of the root.
Android device for Root after the security is greatly reduced, and even some of the Trojans can be directly on the device after Root to set up their own can not be unloaded so that users can not start.
Google's current practice is strengthening machine learning ability and event correlation to detect potentially harmful behavior, including detection every day more than 60 million users to install mobile applications to detect malware and potentially unwanted programs.
Google is also a daily scan of 400 million devices on the network and equipment threats, through the Browsing Android protection Safe devices on the hundreds of millions of Chrome users and so on.
Between Play Google in China's actual situation, we can only use the third party application store to download or download the official website through the application.
But practical situation is unsatisfactory, in an attempt to the second one, the proportion of PHAs in the app store may be much higher than Google statistical data.
In charge of this aspect of China's administrative department of industry and information technology (hereinafter referred to as the Ministry of industry and information) in the domestic application of several checks of the domestic market, have found a lot of PHAs.
The Ministry of China's domestic mainstream spot checks of the third party application stores, such as Baidu mobile assistant, application treasure, 360 mobile assistant, etc..
Due to the huge number of applications if the third party application store does not have a strict audit mechanism and automated scanning mechanism, then the probability of PHAs sneak into these third party stores is quite high.
In addition because China domestic network condition, even if the user downloads through the application of the official website also can not guarantee no danger of anything going wrong. Almost half of the open network, the user will be downloaded to the user to download the file to lure users to install other profitable.
And as some time ago has large-scale lol hijacking, Youku, Sogou input method client as if by Hijacking means will normal users to download the software tampering as malicious software, then the consequences would be disastrous. However, I think this might have happened but on a small scale, we do not know.
Rumors Play Google Chinese version will come in March, but it has been nearly May or not seen. But even with the Play Google China can use the version of how it? Unless Google is able to force the OEM manufacturers to be pre installed Play Google or I guess how many people will use Play Google are a big question mark.