Last year at Apple’s WWDC developers conference, Apple CEO Tim Cook ripped Android to shreds with two slides about the level of malware on Google’s mobile operating system. He showed a pie chart indicating that 99% of mobile malware was on Android, describing Android as a “toxic hellstew of vulnerabilities.”
It got a big laugh.
More important, it cemented the idea that Apple’s iPhone, and iOS, was the safe, virus-free place for users.
Last week, Google published its comeback. The company’s “Android Security 2014 Year in Review” report shows that less than 1% of Android devices have any malware. Google scans Active Android devices with a product called “Verify Apps,” which seeks out viruses, ransomware, or other “potentially harmful applications” (PHAs).
What’s interesting about the report is that the 1% includes phones in China that download apps from sketchy off-brand app stores outside Google Play.
Inside Google Play, “fewer than 0.15% of devices that download only from Google Play had a PHA installed.”
Here is what that looks like in a chart:
Here is a similar set of data comparing infection levels for phones inside Google Play and phones that are downloading stuff from outside Google Play:
Note that the green line, which represents the vast bulk of Android users who download apps only from Google Play, is basically at zero.
Bottom line: If you’re on Android, stop worrying about malware. You will have to try really hard to get harmful apps onto your phone. The only way an Android phone is realistically going to get infected is if you are downloading stuff from non-Google Play websites. And as Google Play has the largest selection of apps on the planet — larger than Apple’s App Store — this should not be something you would need to do anyway.