Android Ecosystem Security FAQs

How often will the Android Transparency Report data be updated?

Data on the Transparency Report will be updated quarterly. Additional charts and graphs may be added on a periodic basis.

How do I interpret this data?

The Transparency Report is refreshed quarterly with the latest data. If a quarterly refresh contains major changes or any other significant information we publish a blog post highlighting key insights, trends, and other takeaways.

What is Google Play Protect?

While all Android devices benefit from protections built into the platform, Android devices with Google Play services have an additional layer of defense to keep them safe. Google protects these devices right out of the box with Google Play Protect, designed to detect and remove Potentially Harmful Applications (PHA) on certified Android devices, regardless of where a user obtains the apps.

What does the term “sideloaded” refer to?

An app is “sideloaded” when it is loaded onto a device from an unknown source rather than installed through the Google Play Store app.  

How does Google define Potentially Harmful Application (PHA)?

Google Play Protect defines Potentially Harmful Application as any mobile app that poses a potential security risk to users or to user data—commonly referred to as “malware.” Apps classified as Potentially Harmful Applications overlaps mostly with the common understanding of malware but with some exceptions. Potentially Harmful Applications include but is not limited to click fraud, ransomware, spyware, and trojan apps as well as apps that attempt to install backdoors, conduct billing fraud, or execute a denial-of-service attack. 

Why does Google use the term Potentially Harmful Applications instead of malware?

The term "malware" lacks a well defined and universally accepted taxonomy, so we refer to such apps as Potentially Harmful Applications to avoid confusion.

How does Google determine that an app is potentially harmful?

Android leverages a combination of machine and human intelligence to identify these apps and keep our users safe. Automated systems detect and classify Potentially Harmful Applications and compare behavior to make meaningful connections across billions of data points. More details are published here. Our security experts analyze these findings and check suspected Potentially Harmful Applications that our systems discover. Android Security Year in Review is a great resource to understand how we detect and enforce on Potentially Harmful Applications.

How does Google Play Protect work?

Google Play Protect helps keep Android devices safe and secure.
  • It runs a safety check on apps from the Google Play Store before you download them.
  • It checks your device for Potentially Harmful Applications from other sources. 
  • It warns you about any detected Potentially Harmful Applications found, and removes known harmful appsfrom your device.
  • It warns you about detected apps that violate our Unwanted Software Policy by hiding or misrepresenting important information.
Learn more here.

What does Google Play Protect do if it detects a Potentially Harmful Application?

Google Play Protect will check apps when you install them. It also regularly scans all installed apps on your device. If Google Play Protect identifies a potentially harmful application, it might:

  • Warn you -  If an app is detected that may be harmful to your device, you’ll get a notification. To remove the app, tap Uninstall on the notification. Google Play Protect might also disable the app to keep it from running until you uninstall it.
  • Remove the app automatically -  In some cases, if a harmful app has been detected, you may get a notification saying the app was removed.

How do I opt out of Google Play Protect?

To ensure your device is protected, we recommend that you always keep Google Play Protect on. To turn it off please follow the instructions here.

How frequently does Google Play Protect scan the device for Potentially Harmful Applications?

In addition to a lightweight, daily, automatic scan, users can start a full device scan at any time. Upon request, the device contacts Google servers for the latest Potentially Harmful Application information and scans all apps on the device. Play Protect also performs offline scanning, which helps prevent well-known Potentially Harmful Applications from being installed when an Internet connection is not available. When the device regains network connectivity, it undergoes a full scan. 

How can a user know when their device was last scanned?

Though Google Play Protect works in the background, users can check when their device was last scanned and the list of scanned apps in the Google Play Protect section of their Google Play app.  

I’m a developer. What if I don’t think my app is potentially harmful?

If you believe that Google Play Protect mistakenly flags your app as potentially harmful you can file an appeal here.

Where can I find more information about Android Security?

If you’d like to learn more about the extensive investment we’ve made into keeping users safe, you can start here

Why are some charts represented differently?

The appropriate chart type is determined by the kind of data it is representing. Graphs using a vertical Y-axis have a default maximum value of 1% and only increase when necessary. The horizontal X-axis is appropriately labeled to describe the dataset.

What is considered an Enterprise device?

Android Enterprise provides companies with a way to use Android devices and apps in the workplace. Android Enterprise enables companies to configure and manage the device and its apps to ensure its security and privacy.

What are some enterprise features that help protect against Potentially Harmful Applications (PHAs)?

Android Enterprise gives companies the ability to create policies to mitigate Potentially Harmful Apps, including:

As of Q4 2020, less than one percent of Enterprise devices have a third party anti-malware solution installed.

Google apps
Main menu
Search Help Center