Two-thirds of Android malware comes through Google Play — how to stay secure

Google's official Play Store is the largest distributor of malicious Android apps, yet still one of the safest places to download apps, according to new research from U.S. antivirus firm NortonLifeLock (formerly Symantec) and the IMDEA Software Institute in Madrid, Spain.

After investigating 7.9 million apps installed on 12 million Android products across four months in 2019, security researchers discovered that "between 10% and 24%" of Android devices running Norton or Symantec antivirus software encountered at least one malicious app, if you consider adware as malicious.

Out of the malicious apps identified in this study ("How Did That Get In My Phone? Unwanted App Distribution on Android Devices"), two-thirds (67%) had made their way onto the devices of unsuspecting Norton/Symantec users via the Google Play Store, as earlier reported by ZDNet. (Symantec became NortonLifeLock after the study period ended.)

Many of these apps masquerade as useful services like VPNs, but actually contain malware that can steal your data or bombard you with unwanted adverts. That’s why you should only download reputable apps. 

Unfortunately, the best way to make sure you download reputable Android apps is to get them straight from Google Play, as Tom's Guide has long advised. Crooks and adware distributors know this too.

The researchers explained that “unwanted app developers have a large incentive to make their apps appear in the Play market since it provides the apps with higher visibility, reputation, and trust.”

Yet Google Play is still mostly safe...

So is Google Play really that safe if two-thirds of Android malware comes from it? Paradoxically, yes. It's where you should get your Android apps.

Google Play's numbers are distorted because it's responsible for nearly 90% of all app installations, the researchers found. But only 0.6% of all apps downloaded from Google Play were found to be malicious.

“This leads to a low fraction, but large number overall, of unwanted apps being able to bypass Play’s defenses," said the paper. "The effectiveness of Play defenses against unwanted apps is illustrated by the lower rate of unwanted installs compared to all installs, i.e., they manage to remove a fraction of the unwanted apps.”

There are other things you can do, such as installing one of the best Android antivirus apps and making sure your phone or other device can't install apps from unknown sources. But sticking to Google Play is the first step.

... while some other vectors aren't

In this study, the security experts also analyzed other places for downloading Android apps and found that 10% of the malicious installations found on devices running Norton/Symantec software had been downloaded from third-party app stores. 

"Compared to the Play market, the users of alternative markets have up to 19 times higher probability of encountering unwanted apps," the paper says.

Other infection vectors for malicious Android apps were backup services, package installers, bloatware that came preloaded on phones, pay-per-install services, file-sharing services, themes, web browsers, file managers, mobile device management services run by companies to manage employee phones, and instant messengers.

In terms of malware prevalence, 3.8% of apps downloaded through web browsers were malicious, as were 3.2% of apps downloaded from third-party app stores and 2.9% of apps that came via instant-messaging apps.

"Alternative markets distribute fewer apps but have higher probability to be unwanted," the researchers added. "Bloatware is another surprisingly high distribution vector. Web downloads are rare and much more risky even compared to alternative markets. 

“Surprisingly, unwanted apps may survive users’ phone replacement due to the usage of automated backup tools. Finally, we observe that app distribution via commercial PPI [pay-per-install] services on Android is significantly lower compared to Windows.”

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!
