Google: No-one installed Lockdroid apps

Just 1,000 users downloaded Lockdroid, and no-one was fooled into installing it

Not a single Android user actually installed a frightening piece of ransomware called Lockdroid, according to Google, despite reports that two-thirds of users were at risk.

Only last week Symantec claimed up to 67 per cent of Android devices, but not one Android user was successfully fooled into downloading the ransomware, after Google's security features would have flagged it up, claimed Elena Kovakina, senior security analyst at Google.

Advertisement - Article continues below

Speaking at Kaspersky's Security Analyst Summit in Tenerife, Kovakina said malicious apps featuring Lockdroid were downloaded by fewer than 1,000 devices a far cry from the potential billion suggested by headlines and Google's own analytics revealed that "no users actually installed it".

The Lockdroid campaign failed to take off thanks to warnings via Google's Verify Apps system, which scans not only all the apps available via its own Google Play Store, but as many of those side-loaded through other app stores as possible.

Scanning for harmful apps

Kovakina said Google scans two million apps weekly both on its own market and others looking for what it calls "potentially harmful apps" (PHAs), which can include anything from ransomware and Trojans to surveillance and snooping.

Thanks to that programme, she said fewer than 0.5 per cent of Android devices globally have a PHA installed on them. "Which is quite a good stat," she said.

Advertisement - Article continues below
Advertisement - Article continues below

The vast majority of PHAs come via side-loaded apps, as in those not on Google Play but other app stores. Indeed, Google Play apps are ten times safer - while the infection rate of Android handsets with apps from third-party stores has slid from 2 per cent to 1 per cent in the past three months, those with only Google Play apps are all but zero, Google claimed.

Despite such external markets being more dangerous, Google does not want to ban rival app markets, because that would reduce openness and choice.

Instead, it is trying to gently push users towards making safer security choices, such as by pre-installing Google Play on the store, making it the easiest source of applications. Plus, it pops up warnings when apps are asking for too much access or if they look dodgy, tracking the decisions users make.

"This is a massive set of data, and we base security improvements on this feedback," Kovakina said.

Advertisement - Article continues below

This is also where Verify Apps plays a part, because it scans apps regardless of origin. While it is not enabled by default, users are prompted to enable the app scanning system and most Android users say yes, some 1.4 billion.

"It's actually heartwarming to know that the majority of users are enrolled by Verified Apps and trust us to protect them," the security expert said.

Free choice

Despite non-Google Play apps being scanned by the company, there is still a discrepancy between users who never leave the Google marketplace and those that do. Kovakina said that was down to choice: some users ignore Google's warning and click through to install anyway.

About a fifth of users faced with such a warning ignore it, but that stat is higher than might be expected because it includes commercial spyware and non-malicious rooting, Kovakina said, both of which users might be installing knowing full well what the risks are.

Advertisement - Article continues below

Google's data analysis can also spot when users are not blocking or uninstalling devices after repeat warnings, which can suggest the app is using persistence techniques to dodge removals, such as getting administrator powers.

Such a case recently occurred in Russia, and Google used Verified Apps to remove the malicious app without user permission on the assumption that people were trying to get rid of it and failing, something it only uses "sparingly" for "extremely malicious campaigns", she said.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020

K2View innovates in data management with new encryption patent

28 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020

Most Popular


Apple confirms serious bugs in iOS 13.5

4 Jun 2020

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020
high-performance computing (HPC)

AMD virtual tour takes us inside Europe's Hawk supercomputer

4 Jun 2020