
Android security: Don't let 2012 become the year of the bad app

Beware the malware lurking on Android Market...

Android's openness is also its weakness when it comes to malware. But some simple user education can reduce the risk, says KPMG security expert Malcolm Marshall.

The massive adoption of smartphones and tablets in 2011 was accentuated by the Christmas period sales figures. According to mobile analytics firm Flurry, close to seven million new smartphones were activated globally on Christmas Day.

In the final week of 2011, the number of downloaded apps passed the billion mark for the first time. In 2012 that level is expected to be commonplace.

Such a large market is immensely attractive to those looking to profit illegally from the boom. Using apps to deliver malicious payloads is not new but there has been a marked increase in the number of bad apps detected over the past two years.

It is straightforward for publishers to launch a new Android application, and that convenience is being heavily exploited to target mobile users. Photo: Amazon

The targeting of Android-based devices grew exponentially during 2011. Some forecasts for 2012 predict a staggering 6,000 per cent increase in bad applications. These include a mix of malicious applications as well as apps that breach users' privacy.

In December a number of media outlets reported that several fake versions of popular applications were removed from Android Market. A similar attack was detected in the first week of January, again affecting Android Market.

In both cases the apps impersonated popular games to trick users into sending text messages to premium rate numbers. This approach is an evolution of premium rate scams that have existed for a long time.

These attacks will evolve into other areas including the targeting of private information, such as identity theft and the stealing of credentials. It would not be surprising to see attacks targeted at enterprises via mobile platforms.

Most malicious applications have been identified on Android platforms. That fact is an unfortunate consequence of the operating system's great feature: openness. It is straightforward for publishers to launch a new application, and this convenience is heavily exploited to target mobile users.

Identification of malicious applications relies primarily on...

About

Malcolm Marshall is head of information protection and business resilience at services company KPMG in London.
