As Android's market share continues to increase, so do attacks or malware targeted at Android users. Mobile malware is a broad term that refers to a piece of software that performs unintended actions and includes Trojans, spyware, adware, ransomware, and others. According to pandasecurity, Android devices are 50 times more infected with malware compared to iOS devices (https://www.pandasecurity.com/mediacenter/mobile-security/android-more-infected-than-ios/). In 2019, the famous Agent Smith malware alone infected almost 25 million Android devices, as per a Cybersecurity Hub news report (https://www.cshub.com/malware/articles/incident-of-the-week-malware-infects-25m-android-phones). 

One of the primary reasons for this situation is that, unlike Apple's App Store, which is tightly controlled by the company, Google's Play Store is an open ecosystem without any detailed upfront security reviews. Malware developers can easily move their apps to the Play Store and thereby distribute their apps. Google now has a malware-detecting software named Google Bouncer, which will automatically scan an uploaded app for malware, but attackers have figured out several ways to remain undetected. Moreover, Android officially allows us to load apps that have been downloaded over the internet (side-loading), unlike iOS, which does not allow unsigned apps.

For example, as shown in the following screenshot, when the Unknown sources option is selected on an Android device, it allows the user to install apps that have been downloaded from any site over the internet:

The third-party app stores that host Android apps are known to be hubs of malware. This prompted Google to roll out the Verify Apps feature starting from Android 4.2, which scans apps locally on Android devices to look for malicious activities, such as SMS abuse. As shown in the following screenshot, the Verify apps feature may warn the user, or in some cases may even block the installation. However, this is an opt-in service, so users can disable this feature if they wish to:

Starting with Android Oreo, Google has rolled out a new feature called Play Protect, which is a better version of the verifying apps feature. The primary job of Play Protect is to block or warn the users of malicious or harmful apps that have been installed on the Android device. For example, as shown in the following screenshot, the Play Protect feature may show a warning message during the app's installation:

Next, let's have a look at the types of malware.