Two-thirds of Android malware comes through Google Play — how to stay secure

Google Play Store
(Image credit: LightRocket / Getty)

Google's official Play Store is the largest distributor of malicious Android apps, yet still one of the safest places to download apps, according to new research from U.S. antivirus firm NortonLifeLock (formerly Symantec) and the IMDEA Software Institute in Madrid, Spain.

After investigating 7.9 million apps installed on 12 million Android devices across four months in 2019, the researchers found that "between 10% and 24%" of devices running Norton or Symantec antivirus software encountered at least one unwanted app. The study's "unwanted apps" cover adware and other potentially unwanted programs as well as outright malware, so the figure is higher than a malware-only count would be.

Of the unwanted apps identified in the study ("How Did That Get In My Phone? Unwanted App Distribution on Android Devices"), two-thirds (67%) had reached the devices of unsuspecting Norton/Symantec users via the Google Play Store, as ZDNet first reported. (Symantec was renamed NortonLifeLock after the study period ended.)

Many of these apps masquerade as useful services like VPNs, but actually contain malware that can steal your data or bombard you with unwanted adverts. That’s why you should only download reputable apps. 

The catch is that the best way to make sure you download reputable Android apps is still to get them straight from Google Play, as Tom's Guide has long advised. Crooks and adware distributors know this too, which is why they work hard to get their apps listed there.

The researchers explained that “unwanted app developers have a large incentive to make their apps appear in the Play market since it provides the apps with higher visibility, reputation, and trust".

Yet Google Play is still mostly safe...

So is Google Play really that safe if two-thirds of Android malware comes from it? Paradoxically, yes. It's where you should get your Android apps.

Google Play's numbers are distorted because it is responsible for nearly 90% of all app installations, the researchers found, and only 0.6% of the apps downloaded from Google Play were found to be malicious. A low rate applied to a very large base is how a small fraction of bad apps still adds up to two-thirds of all unwanted installs.

“This leads to a low fraction, but large number overall, of unwanted apps being able to bypass Play’s defenses," said the paper. "The effectiveness of Play defenses against unwanted apps is illustrated by the lower rate of unwanted installs compared to all installs, i.e., they manage to remove a fraction of the unwanted apps.”

There are other things you can do, such as installing one of the best Android antivirus apps and making sure your phone or other device can't install apps from unknown sources. On Android 8 and later, "unknown sources" is no longer a single global switch but a per-app permission ("Install unknown apps"), so check it for browsers, file managers and messaging apps in particular, since those are the apps that typically hand a downloaded APK to the package installer. But sticking to Google Play is the first step.

... while some other vectors aren't

In this study, the security experts also analyzed other places for downloading Android apps and found that 10% of the malicious installations found on devices running Norton/Symantec software had been downloaded from third-party app stores. 

"Compared to the Play market, the users of alternative markets have up to 19 times higher probability of encountering unwanted apps," the paper says.

Other infection vectors for malicious Android apps were backup services, package installers, bloatware that came preloaded on phones, pay-per-install services, file-sharing services, themes, web browsers, file managers, mobile device management services run by companies to manage employee phones, and instant messengers.

Measured as the share of downloads through each vector that turned out to be malicious, web browsers were the riskiest at 3.8%, followed by third-party app stores at 3.2% and instant-messaging apps at 2.9%. Google Play's 0.6% looks good by comparison.

"Alternative markets distribute fewer apps but have higher probability to be unwanted," the researchers added. "Bloatware is another surprisingly high distribution vector. Web downloads are rare and much more risky even compared to alternative markets. 

“Surprisingly, unwanted apps may survive users’ phone replacement due to the usage of automated backup tools. Finally, we observe that app distribution via commercial PPI [pay-per-install] services on Android is significantly lower compared to Windows.”
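To see which of these vectors the apps on your own device came from, and to act on the advice above about sticking to Google Play, here is an added example script. It is not from the article or the NortonLifeLock/IMDEA paper. It parses the installer attribution Android records for every package, as printed by `adb shell pm list packages -i`, and groups the apps by distribution vector. The mapping from installer package names to vectors, the `read_device_listing` helper and the sample listing are assumptions and constructed data for illustration, not the paper's classification.

```python
"""Audit where the apps on an Android device were installed from.

Added example (not from the Tom's Guide article or the NortonLifeLock/IMDEA
paper). Parses the output of `adb shell pm list packages -i`, which reports
the installer package recorded for every installed app, and groups apps by
distribution vector. The installer-to-vector mapping below is an assumption
chosen for illustration; it is not the paper's classification.
"""
import re
import subprocess
from collections import defaultdict

# Installer package names as recorded by the Android package manager.
# Assumed mapping for illustration; extend it for other stores/installers.
INSTALLER_VECTORS = {
    "com.android.vending": "Google Play",
    "com.sec.android.app.samsungapps": "alternative market (Galaxy Store)",
    "com.amazon.venezia": "alternative market (Amazon Appstore)",
    "com.huawei.appmarket": "alternative market (Huawei AppGallery)",
    "com.xiaomi.market": "alternative market (Xiaomi GetApps)",
    "com.google.android.packageinstaller": "manual sideload (package installer)",
    "com.android.packageinstaller": "manual sideload (package installer)",
    "null": "no installer recorded (preloaded, adb, or restored from backup)",
}

# One line of `pm list packages -i` looks like:
#   package:com.example.app  installer=com.android.vending
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def parse_package_listing(text):
    """Return {package_name: installer} from `pm list packages -i` output."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            result[m.group(1)] = m.group(2)
    return result


def classify_installer(installer):
    """Map an installer package name to a distribution vector label."""
    return INSTALLER_VECTORS.get(installer, f"other installer ({installer})")


def group_by_vector(packages):
    """Return {vector_label: sorted list of packages} for a parsed listing."""
    groups = defaultdict(list)
    for pkg, installer in packages.items():
        groups[classify_installer(installer)].append(pkg)
    return {label: sorted(names) for label, names in groups.items()}


def not_from_play(packages):
    """Packages whose recorded installer is anything other than Google Play.

    These are the ones the article's advice says deserve a closer look."""
    return sorted(p for p, i in packages.items() if i != "com.android.vending")


def read_device_listing(third_party_only=True):
    """Pull the real listing over adb (needs USB debugging and adb on PATH).

    Hypothetical helper for this example; not run by default."""
    cmd = ["adb", "shell", "pm", "list", "packages", "-i"]
    if third_party_only:
        cmd.append("-3")  # skip system/preloaded packages
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


# Constructed sample output in the format `pm list packages -i` prints, so the
# script runs offline. Package names are made up; installer names are real.
SAMPLE_LISTING = """\
package:com.example.weather  installer=com.android.vending
package:com.example.freevpn  installer=com.google.android.packageinstaller
package:com.example.launcher  installer=com.sec.android.app.samsungapps
package:com.example.carrierbloat  installer=null
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    listing = SAMPLE_LISTING  # use read_device_listing() for a real device
    pkgs = parse_package_listing(listing)
    for vector, names in sorted(group_by_vector(pkgs).items()):
        print(f"{vector}:")
        for name in names:
            print(f"  {name}")
    print("\nNot from Google Play:", ", ".join(not_from_play(pkgs)))
```

Run it as-is to see the constructed sample, or swap in `read_device_listing()` with USB debugging enabled to audit a real phone. Anything not attributed to `com.android.vending` deserves a second look, but treat the field as a hint rather than proof: the installer name is package-manager metadata recorded at install time, and a `null` entry is equally consistent with a preloaded app, an `adb install`, or an app restored by a backup tool, which is exactly the phone-replacement survival path the researchers describe. The companion check for the per-app "Install unknown apps" permission is `adb shell appops get <package> REQUEST_INSTALL_PACKAGES`, run against each browser, file manager and messenger on the device.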


Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!