16 November 2020 13:58 IST

They looked at 34 million APK installs for 7.9 million unique apps to know the amount of apps installed through different distribution vectors.

Google Play Store has been identified as the main distribution vector for most malware installs on Android, according to a recent study by researchers from NortonLifeLock and the IMDEA Software Institute in Madrid, Spain.

In the paper titled ‘How did that get in my phone? Unwanted app distribution on android devices’, researchers have analysed 12 million Android devices and their connection between apps over a four-month period between June and September 2019.

Researchers used an online service to flag unwanted APKs and found that 10-24% of the apps analysed to be malicious or unwanted. They said despite many security improvements provided by the Android ecosystem, the security posture of Android devices with respect to unwanted apps is not better than that of Microsoft Windows hosts.

They then examined the ‘who-installs-who’ relationships between installers and the child apps and classified the installer apps into 12 categories.

To compare distribution vectors, researchers calculated vector detection ratio (VDR), by finding the ratio of unwanted apps installed via a vector over all apps installed via the same vector.

They found that Google Play Store was responsible for 87% of all installs and 67% of unwanted installs. However, its VDR is only 0.6%, better than all other large distribution vectors.

Among the remaining installs, alternative markets are the largest with 5.7% of all installs and 10.4% of unwanted installs. It is also five times riskier (3.2% VDR) than the Play market (0.6%). This suggests that users are more likely to install malware by downloading it from web pages via browsers or from alternative markets.

The paper noted that Android has become the most popular operating system with over 2.5 billion active devices and 75% of the mobile device market share. This has been attributed to its open environment that allows affordable access to new app developers, app distribution through the official Play market and alternative sources, and OS customization by vendors and mobile network operators.

This means that abusive developers also have easy access to the ecosystem allowing them to distribute their unwanted apps to a large number of users.