Google has been cracking down on potentially harmful apps being installed from the Play Store, so much so that currently, as of Google’s latest security report, only 0.15% of Android devices have been able to successfully install PHAs or potentially harmful apps.
Google first started the initiative in which several OEMs became participants in. Stagefright was the first real security problem that faced Android since the beginning of the Android Platform. The vulnerability took advantage of a bug present in the method used to preview multi-media messages received through an SMS app.
Google’s report also says that the number of PHAs that made it onto the Play Store have decreased over 40% when compared to 2014. Individual categories of PHAs have been outline as well. Data Collection PHAs have gone down to 0.08% of installs, spyware is at 0.02% of installs, and Hostile Downloaders have decreased to only 0.01% of total app installations.
Reminder that these installations are ONLY from the Play Store. So if you’ve got some third-party app installer, or you’re installing APKs from all over the place, you could be at risk for malware and harmful app activity.
Google’s Verify Apps service also protects users from installing PHAs outside of the Google Play Store. Google has significantly improved the security in Android devices since this time last year. Google’s implementations have been helping to check over 6 billion installed applications every day, they scan 400 million devices every day, and they’ve protected hundreds of millions of Android users surfing the web with Chrome with Safe Browsing.
There are other reports that show iOS has more vulnerabilities and more high risk vulnerabilities than android.
Of course it does, it's the main target. Android is the best mobile OS for me and my Nexus gets all the updates fast, so I have nothing to complain about.