Google in its Android Security 2017 Year In Review, reports that devices running the latest version of Android are comparatively safer, with a combination of features such as Google Play Protect and Instant Apps, coupled with machine learning capabilities.
While the biggest issue with Android security is fragmentation, and one that seems to have no foreseeable solution in the near future due to the numerous OEMs saddled with the churning out of devices.
But with each new Android release, Google does more and more to secure the numerous devices running the software. Albeit, just about 1 percent of Android users are currently running Oreo, compared to nearly 28 percent for both Nougat and Marshmallow.
And that leaves nearly 99 percent of Android users less secure, though Google is hoping for a favorable uptake with Project Treble and the Pixel, with the latest version of Android to increase exponentially, and likely by next year there could be over 10 percent of Android phones running Android P.
Also there’s Android Go and Android One, both of which offers “pure Android” version with the promise of up-to-date software, better performance and security.
Google in the report says that the odds of downloading a harmful app from the Play Store in 2017 was “less likely than the odds of an asteroid hitting the earth.” And that the introduction of Instant Apps, has helped to keep limits to the likelihood of installing harmful code on Android devices.
Both Google Play Protect and Instant Apps are available for phones going back to Lollipop, while most of the other security enhancements delivered recently are only available on Oreo.
Such new enhancements in the latest version of Android are stronger encryption and key storage, tighter sandboxing, kernel self-protection, and an updated version of Android Verified Boot.
Android Oreo handling of apps from sources other than the Play Store is alos different, as formerly users could easily access an Unverified Sources toggle to allow installations of non-Play Store-approved apps, in Oreo it’s a behind-the-scenes permission that automatically runs whenever an app is side-loaded.
And that makes it harder to manipulate as users can’t unwittingly turn it off, also malicious app can’t do it either.
There's a new Oreo feature that makes it easier for manufacturers to deliver updates to phones, so the phones running Android 8 should receive version 9 much quicker. And Google’s new Project Treble could ramp up the number of phones running Android P, as it gives manufacturers a clear way to update from Oreo to next version.