Google has released its latest Android Security & Privacy Year in Review Report for 2018, highlighting an uptick in the number of potentially harmful application (PHAs) on Android devices. Specifically, the company says the threat continues to come from apps that re delivered through over-the-air updates or are pre-installed.

Android is widely regarded to be less secure than iOS. Google has repeatedly said the platform itself is completely secure in its stock form. However, because it is an open solution, OEMs are free to change Android as they please. This can mean compromising Google’s stock security refinements.

For the last five years, the company has published the Android Security & Privacy Year in Review, which shows vulnerabilities that have affected Android and what threats the OS faces.

Among the causes for concern during 2018 was a rise in PHAs on Android devices that have pre-installed application or are downloaded with a system update:

“Malicious actors increased their efforts to embed PHAs into the supply chain using two main entry points: new devices sold with pre-installed PHAs and over the air (OTA) updates that bundle legitimate system updates with PHAs,” wrote Google in its Android Security and Privacy Year in Review 2018.

Decent Showing

Yes, Google is concerned about these methods. Still, the company reports the number of PHAs on Android devices dropped 20 percent compared to 2017. The company says just 0.08 percent of Android devices were affected by PHAs through 2018.

While this data is a step in the right direction, there are two things worth noting. Firstly, Google only looks at apps that have been installed by its own Play Store. It’s worth remembering there are other ways to get apps onto an Android device without using the official store.

Secondly, while just 0.08 percent of affected devices is solid, Android is actually on over 2 billion devices (by latest data in 2017). Even if we take the figure as 2 billion flat, it means 1.6 million handsets were affected by PHAs in 2018.