Google has claimed to have cut Android malware by half.

Figures out of Mountain View this week suggest that the prevalence of PHAs (potentially harmful applications) found on Android 9 Pie devices is half the rate seen in its predecessor. Overall, this has fallen from 0.66 per cent in Lollipop to 0.06 per cent in Pie.

The number is derived from malware detected by Google Play Protect scans, which cover applications distributed through its Play Store and other app stores, as well as sideloaded apps. The figures appear in Google's first Android Ecosystem Security Transparency Report.

On average, reckoned Google, only 0.09 per cent of devices that used Google's own Play Store had a piece of malware on board in 2017. That translates to 1.8 million phones.

Google attributes the decline in malware to remote control. Since 2017, when the Play Protect scan finds a PHA, it disables it by default: shoot first, ask the user questions ("re-enable or delete?") later.

Google made Play Protect scanning one of the selling points of its Android One programme, which brings order and uniformity to low-end and mid-range 'Droids. Phone makers lose the ability to customise their phones, but buyers get two years of scanning.

(One is not to be confused with Go, which is the low-footprint "Poundland edition" of Android.)

Google said it published the report to increase transparency. But given the regulatory scrutiny of Android, the dominant mobile platform, it also needs to tell a happy story about its governance of the ecosystem – and more specifically, about why it takes a 30 per cent cut of revenues. ®