It can be tempting to venture outside the walls of Google Play but as the search giant highlights in its second-annual Android Security Report, doing so can have dire consequences.

Adrian Ludwig, Lead Engineer, Android Security, said one of their key goals in releasing the report is to drive an informed conversation about Android security.

Over the course of 2015, Google says it scanned 400 million devices per day in an effort to protect users from network-based and on-device threats. What’s more, it checked over six billion installed applications per day and protected hundreds of millions of Chrome users on Android from unsafe websites via Safe Browsing.

Turning its attention to Google Play, the company said it took measures to make it even more difficult to get potentially harmful apps (PHAs) into its store. Overall, PHAs were installed on less than 0.15 percent of devices that get apps exclusively from Google Play. On devices that get apps from both Google Play and other sources, the number of PHA installations rose to about 0.5 percent.

It’s worth noting that Google said it saw an increase in the number of PHA install attempts outside of Google Play.

In addition to more stringent vetting of apps, Google points to new security protections and controls in Android 6.0 Marshmallow as well as Android’s inclusion in Google’s bug bounty program as proactive methods to help fight nefarious apps and activity.