There's still too many unpatched Android devices, Google reckons: to wit, 29 per cent of mobes and tablets running The Chocolate Factory's operating system are running out-of-date code.
In among the self-congratulation in Google's second Android Security Annual Report, we find that only 71 per cent of devices are running Android 4.4.4 or better.
Last year, Google reckoned there were 1.4 billion active Android devices in the world, so that means there's more than 400 million seriously-vulnerable mobes and tablets ready for attackers.
It illustrates the challenge that Google – and the Android user – face: a patch gets written at Mountain View, picked up by a manufacturer sometime, handed off to a service provider, and pushed to the user over-the-air.
Blogging the release of the report, Android Security lead engineer Adrian Ludwig writes that Google now scans six billion apps and 400 million devices each day.
“Potentially harmful app” (PHA) installations are declining, Ludwig writes. Only 0.15 per cent of users who stick to Google Play got stung by PHAs – a mere 2.1 million – while 0.5 per cent of users who risk non-Play sources were stung in some way.
Ludwig notes that in 2015, the Verify Apps Service spotted an increase in malicious activity from non-Play sources, “and we disrupted several coordinated efforts to install PHAs onto user devices from outside of Google Play”.
The full report is here (PDF). ®