The Android Security Report scrutinized all of the data collected regarding Android vulnerabilities found in the past year, assesses the overall security of the ecosystem and describes the advances in Android platform security that most users don’t have yet.



The report comprises three major sections: the data regarding malicious apps collected by Android’s chief steward; vulnerabilities patched; and the addition of new security features to the Android system.

Google claims that in 2014, the Android devices infected with malware were fewer than 1% and those who only use the Google Play Store for apps at much lower risk, although common update issues are still apparent for enterprise.

Google’s lead for Android security, Adrian Ludwig, described Google’s Android security model as a “layered approach,” while some security features are innate to the open source system layer, and some reside in the “surface layer” which is represented by Google Play services.

Google Play services are the set of APIs and tools that is used by developers to facilitate application integration with the Android platform and Google services.

“The value of the surface layer is the ability to collect data, which helps with the road map,” Ludwig said. “It should also help others identify opportunities for improving apps, or give confidence in the platform based on the threats known.”

Google Play services are getting increasingly important to Android security, as a number of security-specific services serve to protect the device and its applications.

The two main security features of Google Play services that exist on devices – Verify Apps and Safety Net – are available on Android versions 2.3 and higher, which equates to about 99.5% of the devices in use.