https://www.google.com/#hl=en&safe=active&tbo=d&sclient=psy-ab&q=web+based+android+attacks&oq=web+based+android+attacks&gs_l=hp.3...1155.7563.0.8002.27.25.1.0.0.0.368.3862.0j23j1j1.25.0.les%3Bernk_timediscountb..0.0...1.1.2.hp.vMNW3eLxHyU&pbx=1&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.&bvm=bv.42261806,d.aWc&fp=cecfd734039d8d45&biw=1366&bih=643Most articles about Android web based attacks are around November 2010 and focus on *some* versions of Android 2.1.
I can't find anything more recent.
The few articles with any details about actual Android Malware describe downloading specific Android apps from non-Google Play sites, installing them *and* accepting outrageously broad permissions terms during the software installation.
And that is the thing - I haven't heard of a single Android drive-by infection that doesn't require *tricking* an end user into enabling the "malware" by installing it themselves and accepting the permissions that allow it to do bad things. That makes Android malware uniquely different than Windows malware - which can install and take control of your machine without any user interaction whatsoever.
That is - reports about pervasive Android malware are mostly FUD. People who don't know what they're doing who click on anything and accept permissions rights that make no sense are the ones getting infected by Android malware.
Contributr 
