Based on materials from androidcentral.com
Exposure Android to malware is a hackneyed topic and invariably provokes speculation. Games with statistics, scary headlines to attract attention, designed to collect a large number of views, banal network trolling – these are the eternal companions of discussions around this story. Let's try to consider the situation so that you yourself can decide how much you should worry about the security of your personal data and your device.
There are big numbers and there are huge
Much of the information that we come across in connection with the topic of malware on Android is data on the number of devices, presumably affected by it. Even if you figure out the unpredictable mathematics of getting it (as usual, when you need to evaluate something – the numbers are always bloated), some of the totals can seem incredibly huge. Since any value greater than one is already bad, there are a couple of things to remember.
There are more than 1,600,000,000 devices in the world on Android.
Most of the threats were found in non-Google Play apps.
Google says there are over 1.6 billion devices on Android, and this number is incorrect, in fact it is much more. Google calculates the number of activations Android through Google Play. The first time someone logs into Google Play from a new one Android is considered activation. If you erase the data or sell the unit, it won't be counted a second time. This is a one-off situation tied to the device ID.
This means that devices without Google Play preinstalled are not included in the 1.6 billion. And there are many of them. All over the world there are millions and millions of phones and tablets on Android that were not included in the number of activations. Now let's look at those numbers again in the malware data.
Using big scary numbers like '10,000,000 devices on Android at risk' helps a little to visualize the situation. 10,000,000 devices out of 1,600,000,000 are 0.625%. This means that 10 million devices is still less than one percent of all devices, of which 1.6 billion in total.The number is still too big, but '10 million' sounds much more sensational than 'less than a percent of devices on Android. But they are one and the same.
Let's go back to the number of activations. The vast majority of malware problems occur in people who download apps from outside of Google Play. You can download applications to your phone from anywhere, even with access to Google Play – but most people don't and prefer to get games and applications the easy way. Remember that 1.6 billion is not the exact number of devices on Android, which means that the percentage of devices affected by malware is even lower. We do not know exactly how much less, and we will not guess.
I just want to make sure that everyone understands how it all works when we take the number of activated devices over a billion. There are a lot of phones and tablets on Android, more than we know. Malware also has to be high in order for each of us to be at risk.
What exactly is malware?
Malicious software is any software on your device that does something that you did not allow it to do. Many people get confused about the term and use it in relation to nefarious apps that do nefarious things like spamming your notifications or pop-up ads in your browser that you yourself have given permission to show. There is nothing good in such applications, and what needs to be done with their developers, we will not write for censorship reasons, but this is not malware.
The error lies in the very model of granting permissions to applications. Google is too vague about what you agree to, and unscrupulous developers can take advantage of this for their dastardly purposes. When you allow ads to be shown by downloading a free game or app, you do not mean that you agree to receive ads in web browser notifications. Some of the coders for Android are aware of this problem, but Google has not openly stated anything about how they are trying to change this. Let's hope they try.
In the meantime, take a few minutes and read the latest reviews. Among the obvious things and outright nonsense, you will quickly find information if the application does something wrong. None of those who downloaded ES File Explorer and suffered from the bad behavior of this program read the comments. Don't be like them – listen to other people and don't download this app. And if you're reading about 'malware' in relation to crappy ads from a free app, remember, it's not malware. This is an unpleasant side effect of more open politics.
However, it exists
No one is trying, however, to paint you rainbow pictures. Malicious software for Android exists, and there is much more to it than anything you can live with. Using our example numbers, 0.625% is a 'whole' 0.625%! And it is quite fair to grumble at the big companies that manufacture devices for Android and do not spend enough of their billions to update the software on the devices sold. Google has programs and entire teams looking for and fixing vulnerabilities in Android. They make the necessary fixes both for the phones they sell and for phones from other manufacturers at Android and provide them to the companies that make and sell them. It is foolish not to benefit from this, and most companies that make Android devices should be ashamed of their 'successes'. Maintaining software is difficult, but very important, and worth the investment.
If they made 1.6 billion devices for profit, they could spend 10 million to get security updates to us faster. And this would only affect their profits by 0.625%.
So when you read about a report from a company that makes money selling you the idea that you are at risk and the number of affected devices is huge, remember to match the numbers. And don't relax, because the numbers are still very high.
And what to do with it?
And now – to the very essence. After worrying about malware on devices in China (or anywhere else) when it comes to the phone in your hands, there is actually a few things you can do.
The main thing is not to do stupid things. If you are going to download something from outside Google Play, look for places that are reputedly trustworthy. Trying to save money and grab a paid app for free from somewhere else? Well, the possible problems will be deserved. Let it sound like a morality.
Then, watch how the company sends security updates to the devices, and only then bring your money to them. For example, Samsung will probably support the device for two years – if you buy one of the high-end models. If you are looking for a device on a budget, look towards other manufacturers. Only then do companies care about software support when it benefits their core business.
Antivirus scanners and a variety of security applications are unnecessary, but they won't hurt. Look for those that aren't burdened with a bunch of extra features like cleaning up memory. People are always looking for 'the best Android antivirus of all time'. There is no definite answer, but I usually recommend Lookout because I know the people who work with the company and I love the feedback on how the app works with your data.
Finally, stay informed. Read comments and reviews for everything you download and install. Read the system notices from the device manufacturers, Google, or your operator. Sometimes it's worth checking the support pages for your phone's software. Finally, pay attention to the articles on malware on specialized resources – different opinions never hurt.
What you don't need is confidence in the reputation Android as a platform full of malware. This reputation and conversations around it simply make money.
In conclusion, dear readers, as usual, it remains to ask you a couple of questions. Do you agree with the author of the material? Is the 'malicious' reputation Android grossly exaggerated? And what do you personally do to protect your device from malware?