Adrian Ludwig, lead engineer for Android Security at Google criticized a number of myths surrounding the definitions of malware and spyware in general. The assumptions include that the spread of malware is always increasing, most devices are not protected, and all malware can infect them.

“There is a certain amount of pessimism in security,” said Adrian Ludwig, at the RSA Conference on Tuesday.

According to Ludwig nearly all Android users actually do have built-in protections on their devices out of the box, mobile malware can be classified and isolated, and mobile malware isn’t actually increasing. Ludwig also assured that Google aims to take the best platform security tools available and make them free for others to build upon, in order to keep Android secure.



Android is firmly rooted in openness, Ludwig stressed from thousands of unique devices available, millions of lines of code in Android Open Source, and hundreds of OEMs, ISVs and security solutions encompassed in the ecosystem.

Google has launched a few of the initial safeguards that includes verifying apps and the Android Safety Net, which has scanned and verified more than one billion devices over the last year. Only less than one percent of devices have been found to have a Potentially Harmful App (PHA) installed, according to the Internet giant.

However, there are a few exceptions described as “regional variations,” include Russia and China as markets where PHA installs are significantly higher.

“There is not uniformity in what people are encountering,” Ludwig said, reiterating findings can vary day by day and region by region.

Ludwig suggested that install trends also tend to have a characteristic shape by “type,” that could range from a bad application to a kind of apps targeting an asset, such as a bank.

“There is a growth in the prevalence in that kind of harmful app,” Ludwig confirmed, explaining at some points it crosses a threshold and we begin to become aware that is going on.