A year doesn’t go by without reports of malicious apps being downloaded from Google’s Play Store. Now, a study reveals that the Play Store is the main source of malware installs on Android devices.
According to a research study conducted by NortonLifeLock and the IMDEA Software Institute in Madrid, they found that 67.2% of malicious app installs are from Google Play –– the largest study of its kind carried out to date.
But, as the researchers pointed out, compared to other sources, the great majority of downloads come from Google Play. And for the most part, Google’s defenses do the work.
A whopping 7.9 million apps from 12 million Android devices were recorded by researchers. And this is just in a span of a four-month period, between June to September 2019. Additionally, according to the researchers, third-party app stores were only responsible for 10.4% of malware installs.
Google’s Play Store the main culprit for malicious apps
The research titled ‘How Did That Get In My Phone? Unwanted App Distribution on Android Devices’ was published on SemanticsScholar’s website and reveals that Google’s Play Store is the primary source of the malware installs on Android devices.
The data compares installs from other sources: play stores, alternative markets, web browsers, from commercial PPI (pay-per-install), and more. What’s shocking is that the Play Store takes the cake.
Google’s Play Store is the home for thousands of apps and games catering to Android devices. As mentioned, it was found that 87.2% of the total app downloads on Android came from the Play Store. And a huge 67.5% malicious app installs came from that number.
However, the research states that the vector detection ratio (VDR) for the Play Store is still the lowest in comparison to the other sources for app installs mentioned. The research says:
Its [Play store] VDR is only 0.6 percent, better than all other large distribution vectors. Thus, the Play market defenses against unwanted apps work, but still, significant amounts of unwanted apps are able to bypass them, making it the main distribution vector for unwanted apps.
And what’s interesting is that unofficial alternate markets with a total of 5.7% downloads only had just over 10% unwanted or malicious installs. Furthermore, installs from backup, which is 2% of total installs, had 4.8% unwanted or malicious apps.
Installs from package installers, accounting for 0.7% of the total, are responsible for 10.5% of unwanted installs. It was also said that between 10% and 24% of users have come across at least one unwanted or malicious app.
Finally, the data on the research pointed out that app distribution through commercial PPI platforms on Android is relatively lower as compared to Windows.
Google’s Play Store has now become synonymous with malicious apps. It is also known that the platform is more lax with its standards and restrictions against app developers, making it likely why it’s easier for attackers to plant malicious apps or attack vulnerable ones.
Hopefully, with this new research, users will be more vigilant with whatever they download and store in their devices.