Play Store identified as main distribution vector for most Android malware


Level 62
Thread author
Top poster
Content Creator
Apr 24, 2016
Mammoth research project using Symantec (now NortonLifeLock) telemetry confirms what everyone suspected.

The official Google Play Store has been identified as the primary source of malware installs on Android devices in a recent academic study — considered the largest one of its kind carried out to date.

Using telemetry data provided by NortonLifeLock (formerly Symantec), researchers analyzed the origin of app installations on more than 12 million Android devices for a four-month period between June and September 2019.

In total, researchers looked at more than 34 million APK (Android application) installs for 7.9 million unique apps.

Researchers said that depending on different classifications of Android malware, between 10% and 24% of the apps they analyzed could be described as malicious or unwanted applications.

But the researchers focused specifically on the "who-installs-who relationships between installers and child apps" to discover the path malicious apps take to reach user devices.

The research team said it looked at 12 major categories that result in app installations, which included:
  1. Apps installed from the official Play Store
  2. Apps installed from alternative markets (aka third-party app stores),
  3. Apps downloaded via web browsers
  4. Apps installed via commercial PPI (pay-per-install) programs
  5. Apps installed via backup and restore operations
  6. Apps installed from an instant message (IM)
  7. Apps installed via phone theme stores
  8. App installed loaded on disk and installed via the local file manager
  9. Apps installed from file sharing apps
  10. Apps preloaded on the device (bloatware)
  11. Apps installed via mobile device management (MDM) servers (apps installed by enterprises on their employee's devices)
  12. Apps installed via package installers
The results showed that around 67% of the malicious app installs researchers identified came from the Google Play Store.

In a distant second, with 10%, came alternative markets, dispelling a pretty common assumption that most Android malware these days comes from third-party app stores.
Read the full story here at ZDNet:
The research, titled "How Did That Get In My Phone? Unwanted App Distribution on Android Devices," is available for download in PDF format and was authored by researchers from NortonLifeLock and the IMDEA Software Institute in Madrid, Spain.

ForgottenSeer 85179

That's strange as Google say:

According to Google, 0.04 percent of all downloaded apps worldwide in 2018 were PUAs from the Play Store. Outside the Play Store, Play-Protect recognized 0.92 percent of all app downloads as PUAs.
So the probability of catching a malicious app in the Play-Store is currently 1 in 2,500.

found on Google Play-Store: Daten, Fakten, Tipps |


Level 22
Top poster
Nov 19, 2012
Until recently lot of people used to say that users don't need to worry as long as they are not installing apps from sources other than the playstore, but I never believed that.
I had argued with many people on that subject and now the truth is out.
I think whatever device we use we need to have dedicated security apps installed on that device.