A research project using telemetry from Symantec (now known as NortonLifeLock) confirms that the Google Play Store remains the favorite ground for malicious apps.
Google's official store, the Play Store, was identified as the main source of malware installed on Android devices in a recent academic study. This study is considered the most important of its kind to date.
Using telemetry data provided by NortonLifeLock (the new name of Symantec's consumer division), the researchers analyzed the origin of app installs on more than 12 million Android devices over a period of four months, between June and September 2019.
In total, the researchers looked at over 34 million Android app installs for 7.9 million unique apps.
According to the researchers, depending on the definition of "malware", between 10 and 24% of the applications they analyzed on Android could be described as malicious or unwanted.
But they focused specifically on the relationships between installers and installed apps to uncover the path malicious apps take to reach users' devices.
The research team specified that it had examined 12 installation modes that lead to application installations, including:
1. Applications installed from the official Play Store.
2. Applications installed from alternative markets (third party application stores).
3. Applications downloaded via web browsers.
4. Applications installed through commercial PPI (pay-per-install) programs.
5. Applications installed through backup and restore operations.
6. Applications installed from an instant message.
7. Apps installed through phone theme stores
8. APKs loaded to disk and installed through the local file manager.
9. Applications installed from file-sharing applications.
10. Applications preloaded on the device (bloatware).
11. Applications installed through corporate mobile device management servers, or MDM (applications installed by companies on their employees' devices).
12. Applications installed through package installers.
67% of malware would come from the Play Store
Researchers' results showed that about 67% of malicious app installations came from the Google Play Store.
Second malicious application vector and third-party app stores are at 10%. This study dispels the widely held assumption that most Android malware today comes from third-party app stores.
The research, titled "How Did That Get In My Phone? Unwanted App Distribution on Android Devices", can be downloaded as a PDF. It was conducted by researchers from NortonLifeLock and the IMDEA Software Institute in Madrid, Spain.
Despite our requests, Google did not wish to comment.