A new study has determined the Google Play Store is the prime way Android malware is distributed.
Google’s mobile operating system has struggled to match the security of its main rival, iOS. While Apple receives its fair share of criticism for its walled garden approach and App Store review process, it is much harder to slip malware into Apple’s ecosystem.
In contrast, Google has laxer requirements for apps to be listed. The trade-off has been ongoing security issues that lead to periodic malware purges.
According to a study (PDF) by researchers from NortonLifeLock and the IMDEA Software Institute in Madrid, Spain, the Google Play Store is “by far the largest unwanted app distribution vector.”
In fact, 67% of all unwanted app installs come from the Play Store. Alternative markets come in a distant second place at a mere 10%. While the number of unwanted apps is lower on the alternative markets, however, unwanted apps make up a higher percentage of apps on the alternative markets. Those markets only account for 5.7% of all Android app installs, while the Play Store accounts for 87% of all installs.
“We reveal that the Play market is indeed the main app distribution vector of both benign and unwanted apps, while, it has the best defenses against unwanted apps,” the researchers conclude. “Alternative markets distribute fewer apps but have higher probability to be unwanted. Bloatware is another surprisingly high distribution vector. Web downloads are rare and much more risky even compared to alternative markets. Surprisingly, unwanted apps may survive users’ phone replacement due to the usage of automated backup tools.”
This study is just the latest evidence that Google must do more to protect its users from malware and other unwanted apps.