Google’s Play Store has borne the brunt of recent reports into malware-laced apps tricking Android users into high-risk installs. And while there are reportedly more than 25,000 potentially dangerous apps in the store, it’s not the most dangerous place a user can currently visit. That honor belongs elsewhere.
The report in question is the latest threat landscape from RiskIQ, and it includes some welcome security news for Google. “The number of blacklisted apps in the Play Store dropped an impressive 76.4% in 2019,” it says. An app is blacklisted when “at least one vendor has flagged the file as suspicious or malicious.”
The U.S. tech giant has introduced multiple initiatives to reduce the risk, but dangerous apps still slip through the net. That said, according to RiskIQ, there were still those 25,647 blacklisted apps on the Play Store in 2o19—alarming, yes, but down from a staggering 108,000 the year before.
There are often links to China with Play Store apps that are identified as dangerous and unwanted. And China features front and center in the RiskIQ report: With 40% of app spending, “China remains the largest app market,” an ecosystem that goes way beyond the official stores. “The top-three most prolific app stores in 2019 were Chinese, ahead of both Google and Apple.” In fact, China’s leading app store, ApkGK, accounted for more than twice the number of new apps as the Play Store.
Putting all that together, it’s little surprise that the four most dangerous app stores (by concentration of malicious apps) are all Chinese: 9Game, VmallApps, Xiamoi and Zhushou. And 9Game leads the way overall—RiskIQ warns that it is the most dangerous of all the app stores, with a staggering 61,669 blacklisted apps.
So what about Apple? Well, Risk IQ notes that “Apple treats its App Store like Fort Knox and rarely hosts dangerous apps.” The company and its iOS operating system has not been without its challenges in the last year, but its tight controls and enhanced screening have maintained its market-leading security record.
Google has stepped up its campaign to police Android and the Play Store more effectively in the last 12 months. The App Defense Alliance has introduced a collaborative effort with external security researchers to better understand the state of current malware threats, and AI is being used on the developer platform to advise (although not yet mandate) on the access requested by apps to user devices.
RiskIQ says that more than 200 billion apps were downloaded in 2019, with users around the world spending a staggering $120 billion in the process. The positive news is that even as the number of apps increased last year, up 18%, the number of blacklisted apps dropped sharply, down 20%. But to put that into context, there were still 170,000 apps blacklisted, albeit down from 213,000 in 2018.