A large-scale study showed that in 67% of cases, potentially dangerous and malicious applications reach Android devices through downloads from the Google Play Store. These results contradict the popular belief that third-party online stores are the prime breeding ground for unwanted smartphone software.
The study was carried out as a joint project of NortonLifeLock (formerly Symantec) and one of the universities in Madrid working under IMDEA, the national program for the development of advanced technologies. The sample included 7.9 million unique apps (34 million APKs) installed on 12 million Android smartphones. The analysis was based on telemetry data collected over four months, from June to September 2019.
Analysis showed that questionable programs are present on almost a quarter of mobile devices. Two-fifths of these APKs turned out to be malicious, while the experts rated the rest as potentially unwanted programs (PUP).
The researchers focused their main efforts on identifying the sources of such downloads. As it turned out, Android apps usually arrive on a smartphone in one of the following ways:
- by downloading from the official Google online store
- by downloading from similar third-party stores
- by downloading via a browser as a result of distribution under the commercial PPI scheme (pay-per-install, with a fee for each installation)
- by restoring from backups
- by downloading from a link in an IM message
- by downloading themes for smartphones from stores
- by loading from external media or through a local file manager
- by downloading from a shared folder
- bundled with preinstalled software (so-called bloatware)
- by upload through corporate mobile device management (MDM)
- by using the installer
The majority of APK installations (87%) came from the Google Play Store. To the surprise of the researchers, the same store topped the list of sources of unwanted downloads. The Play Store's share of 67% was significantly higher than that of the alternative stores (10%), which came second.
It is noteworthy that bloatware is currently one of the most important vectors of APK distribution. Web downloads are rare, but much more dangerous – even when compared to unofficial stores. Automating backups and restores also comes with a certain risk: unwanted programs in this case can migrate to a new smartphone.