Android malware sees 'exponential growth'

Kara Reeder reports on the increased risk associated with downloading Android apps.
According to Juniper Networks, Android malware jumped a whopping 472 percent since July 2011, reports Computerworld, with the bulk occurring in September and October. The malware, which appears in Google's Android Market or the dozens of alternate download sites, is often disguised as legitimate applications, with the most popular malware apps targeting communications and GPS data, notes CNET News. Juniper says among the Android malware samples, 55 percent are spyware, while 44 percent are considered SMS Trojans.

Google has been hit by three different waves of malware this year. Why is Android a popular target? A big part of the problem is that Google doesn't control what apps can be installed on an Android device the way Apple does. In a blog post, Juniper isn't shy about laying the blame at Google's feet:

These days, it seems all you need is a developer account, that is relatively easy to anonymize, pay $25 and you can post your applications.  With no upfront review process, no one checking to see that your application does what it says ... Sure, your application can be removed after the fact ... But, how many unsuspecting people are going to download it before it is identified as malicious and removed?  This is precisely what is playing out in the mind of mobile malware developers today.

4 comments
Neon Samurai

In short, "viruses" are not an issue as the attribute of copying itself from one device to another is not a task anyone has managed to consistently accomplish. Trojans are indeed a risk and that is what this topic is really about; programs installed by the user which carry a hidden payload. The risk is social engineering device owners into installing the trojan applications. Of course, a big part of this is also due to manufacturers who do not provide firmware updates in a timely manner if they do at all.

http://www.schneier.com/blog/archives/2011/11/android_malware.html

From what I can gather, there are a few things to consider as a device owner:

- buy from a reputable manufacturer who has demonstrated a history of shipping updated firmware for your device of interest. (if they don't ship updates, they are not reputable)
- install applications from the official repositories (market) only
-- read the application reviews first
-- look for applications with a broad user base; no "installed by five people" stuff
-- do not install everything under the sun just because it's available and you may have use of it one day. Like any OS; install only the applications you actually need.
- if you must install from outside the official repositories; accept that you are choosing to go it alone and be sure you trust the application source before "side-loading" it in.

Google could do more to manage the repositories too. If they are going to leave it wide open, consider something closer to the Debian method like the Nokia did with Maemo applications repositories; apps must pass vetting through a "development" repository before becoming available in the "stable/retail/public" repository. It doesn't have to be a hamfisted vetting process like Apple's but it sure should be more than allowing any developer to post up whatever trojan they can code over a weekend.

There was also a group that recently developed a business safe addon for Android. It basically partitions the phone into a "personal" and "business" segregated install. The idea is that the device owner can do whatever they like in the stock personal side and not have it access or otherwise affect the business side. The business side can be managed within the company policy separate from the personal side. (I thought it was called "Red Phone" but that is a different app it seems) The group is supposed to give a talk and release it during one of the infosec conferences recently passed or coming up soon. (drat.. wish I could find the article about it now; be about three weeks old now?)

For me personally, the Nexus devices are the only Android fork of interest due to running stock Android and getting direct updates. Maybe my next upgrade will be the Samsung if I can get around the idea of how much information I'll be forced to feed back to Google's servers. Maybe my lovely N900 will hold out until the Motorola/Google merger ships a Nexus or similar reference hardware platform. We'll see since the current mobile offerings make me think more and more about going back to a dumb/feature phone and a smart PDA/tablet.

bboyd

Access that generally is not available on Apple's wares. And as usual the reporting agent has a vested interest in inflammatory reporting. Probably most of the malware is just simple polymorphism. I could make 583 copies of a program that sends a joke SMS to my target and front end each with a different cover. Using one single developer account and surge the statistics too. And counting app markets in China sounds pretty lame. They have whole knock-off Apple stores...

Quoting a quote... "No matter what policies an app store may have, the real way is to protect a device is to protect it with security software," Hoffman said. "You have to protect your mobile devices just like you protect your PCs." Sounds like AV industry shill once again.

Now reporting penetration rates to phones themselves might be a better indicator. Once again data that will not be made available for iPhones or any Apple device, so comparing them is at best foolish, if not disingenuous. Especially since download rates are spoofed or, in the case of uncontrolled secondary market, entirely fabricated. The whole "90,000 people downloaded it so it must be good" sheeple control technique. Let me see about drive by rooting...

Neon Samurai

the risk is social engineering owners into installing trojan applications. Any AV company talking about installing a scanner on your phone is hawking snake oil. Apple's raw statistics would be very interesting to see but that's even less likely than ever seeing true raw statistics for desktop OS actually in use rather than shipped to OEM stockpiles. But, iPhone sure "feels" safer and that's what's really important for brand development in the end.
