Google said in its latest Android security and privacy report that 0.45% of all Android devices running Google Play Protect installed potentially harmful apps (PHAs) in 2018, compared to 0.56% in 2017. This equates to a 20% year-over-year improvement. Two apps outside of this category are versions of a popular video player that mines cryptocurrency in the background without user consent. Mobile devices have been damaged by cryptocurrency mining in the past, so Google flags these apps as PHAs. In India, by far the biggest Android market, 0.65% of all Android devices were affected by PHAs in 2018, there was a 35% drop from the previous year. For the first time, India didn’t have the highest device rate of PHAs among the top Android markets. Most PHAs in India were Trojans, backdoors or hostile downloaders that downloaded more PHAs onto devices. These apps were introduced to users through supply chain attacks either in the form of pre-installed apps on new devices or OTA updates handled by untrustworthy OTA companies. Pre-installed apps from the EagerFonts, Snowfox, and Chamois families were the most common. Of the devices that exclusively used Google Play to download apps globally, only 0.08% had one or more PHAs installed in 2018, the same as in 2017. In contrast, 0.68% of devices that installed apps from outside Google Play were affected by one or more PHAs in 2018. While this number is 8 times higher than devices that exclusively used Google Play, it’s an improvement from 0.80% in 2017. The report also…
