Skip to main content

Is Android becoming the Windows of mobile malware?

android virus
Image used with permission by copyright holder

Juniper Networks is raising eyebrows in the mobile industry this morning with a new report claiming the incidence of malware targeting Android devices has risen by 472 percent since July of this year. Presumably, that number is augmented by “hundreds” of malware samples the company uncovered in a series of third-party Russian app stores. Juniper describes the Russian malware cache as just the “tip of the iceberg,” believing there may be thousands of more malware apps waiting to be discovered.

Although many security firms still characterize the threat of mobile malware as relatively low, it’s important to know that those firms are generally comparing the number of threats faced by Android and other mobile operating systems to the those faced by Windows — which is the absolute king of malware, assaulted by hundreds and even thousands of new trojans, worms, exploits, and variants every day. Saying a platform faces a low threat compared to Windows isn’t saying much at all.

But Juniper’s figures highlight the growing threat of mobile malware, particularly on Android. How do Juniper’s numbers hold up, what’s to blame for rising Android malware, and how can Android users protect themselves and their devices?

Juniper’s figures

Juniper Networks Android Malware infographic Nov 2011
Image used with permission by copyright holder

According to Juniper Network, the amount of malware targeting Android has jumped by 472 percent since July, punctuated by very sharp increases in October and November. Juniper says they were seeing steady increases in the amount of Android malware they intercepted in July and August, which saw incidence rates increase by 10 and 18 percent, respectively. However, in September Juniper intercepted more than double the amount of Android malware it had in July (up 110 percent) and that figure jumped to either 111 or 171 percent from October 1 through November 10. (See Juniper’s infographic for more detail—the infographic claims a 111 percent increase most recently, But Juniper’s text says 171 percent.)

The figures echo similarly alarming percentages from other security vendors. This summer, Trend Micro claimed the incidence of Android malware had increased 1,410 percent from January to July 2011. It published an infographic, too.

Curiously, Juniper provides no hard figures to accompany its percentages, so it’s difficult to know what those percentages mean in absolute terms. It would be nice to compare the number of malware apps out there (and their interception rates) to the number of available Android apps or the number of apps distributed over the same period of time. After all, if a small town of 5,000 people had one serious traffic accident in 2010 and then two serious traffic accidents in 2011, the rate would be up by an alarming 100 percent! However, number of accidents in proportion to the number of drivers — let alone the number of hours driven in the town during the year — would still be very, very low. Juniper Networks does describe the cache of Russian malware it found as “hundreds” of apps, but it’s not clear if those are included in the firm’s 472 percent increase, and offers no other hard figures.

Symantec and Kaspersky similarly offer percentages for recent increases in Android malware, but seem to withhold hard figures — or, at least, I haven’t been able to find them. McAfee is slightly more helpful: In August it reported a 76 percent increase in malware targeting Android during the second quarter of 2011, and gave a specific number of threats it had identified: 44. Just this week, McAfee described the total number of malicious apps in the wild as “approximately 200“—and that’s across all platforms, including Symbian, Java ME, Windows Mobile, iOS, and others.

The number of apps available on the Android Market stands at about 350,000. Although the total number of threat apps is never truly known — even to security researchers — the alarmingly large percentage figures from Juniper and McAfee do seem to suffer from a bit of the small-town problem. Despite some high-profile malware removals from the Android Market (like DroidDream trojans earlier this year),  in absolute terms, Android malware still a very small portion of the broader Android software ecosystem.

Types of Android malware

There does seem to be basic agreement on the types of Android malware out there. The bulk acts as spyware and tries to steal personal data, including contacts, location, personally identifying information email, messages, and data stashed in log files and other areas of the device. Spyware can also potentially control an Android device, meaning it could place calls, send messages, restart apps, disable locks, control vibrate alerts, and (of course) access the Internet to send collected data to the malware authors — or download and install new malware packages.

Spyware represents a bit of a longer-term game for malware authors: They’re hoping they’ll get usable (and sellable) information by keeping an eye on users’ phones, and they’ll make their money selling collected email addresses (and potentially financial information) to spammers and cybercriminals.

One form of Android malware that has immediate payoff for malware authors is are SMS Trojans: apps that appear to do something fun or useful, but in the background send SMS messages to premium rate numbers — the same way many voting competitions, music and ringtone services, and other businesses collect money via text messages. Once those messages are sent, the malware authors have their money, and consumers don’t have much (or any) recourse. The bulk of Android malware apps Juniper says it found in Russian third-party Android markets are SMS Trojans.

Pointing fingers

So even if malware isn’t quite overrunning the ecosystem yet, where is all this malware coming from? Security firms seem to pretty squarely place the bulk of Android malware at the feet of cybercriminals who used to target Java ME and Symbian phones. As those platforms have declined, they’ve moved along to Android, which enables them to leverage some of their working knowledge of Java and is also, conveniently, now the world’s hottest-selling smartphone platform.

In terms of distribution, security firms all agree that third-party Android app stores run a higher risk of malware than trusted sources. A number of Android exploits have been distributed via third-party app stores in Russia and China — heck, one Chinese example of Android malware uses a public blog as its command-and-control center. The appeal of these app stores in their respective markets is obvious: They use local languages, and their selection of apps and new items is going to be much more in tune with local culture than the broader Android Market. Nonetheless, most of those app stores are completely unregulated and unmonitored: Almost anyone can upload anything, safe or not.

That doesn’t let Google’s Android Market off the hook. Although McAfee recommends Android Market specifically as a trusted source for safe Android apps, other security outfits aren’t so kind. Juniper in particular rips into Google’s management of the Android Market:

“These days, it seems all you need [to upload malware to Android Market] is a developer account, that is relatively easy to anonymize, pay $25 and you can post your applications,” Juniper wrote in its blog. “With no upfront review process, no one checking to see that your application does what it says, just the world’s largest majority of smartphone users skimming past your application’s description page with whatever description of the application the developer chooses to include.”

Google famously does not review submissions to the Android Market, or require code-signing by a trust authority, although developers must at least code-sign with self-signed certificates. Although Google will remove malicious apps once they’re discovered, realistically that can’t happen until the apps have victimized users.

Staying safe

Android users can take some basic steps to keep their devices and their data safe. Good tips include:

  • Disable the “unknown sources” option for installing apps in the Android device’s Applications Settings menu. This will help prevent users from inadvertently installing software when, say, accidentally following a malware link in an SMS message, spam, or social networking site. It will also keep the device out of most third-party Android app stores, which seem to be a prime distribution vector for Android malware. However, this may not be an option if users need to sideload custom Android apps for, say, business or work purposes.
  • Research apps before downloading or buying them. Try to stick with apps that have broad third-party recommendations and come from reputable publishers. Check both an app’s and publisher’s ratings.
  • Carefully check app’s permissions. When you install an app, Android will present a list of hardware and software components that the app wants to access, including things like location data, a device’s camera, the Internet, storage, system tools, MMS/SMS, and making phone calls. If the requested permissions don’t seem reasonable, don’t allow the app to install. For instance, a game probably doesn’t have any need to access your contacts, and a photo organizer doesn’t need to send SMS messages.

Makers of security and antivirus software will, of course, recommend users download, install (and, hopefully, purchase) antivirus software for Android. However, the jury seems to be out on how useful security and antivirus apps are for Android — at least at the moment. A new study from AV-Test (PDF) finds that almost all free Android malware apps don’t offer significant protection against existing Android malware. Paid Android security packages from F-Secure and Kaspersky fared better, but only managed to detect about half the installed threats tested by AV-Test, although they did very well with blocking malware installation.

The most important thing is probably to be aware that there is malware for Android, and let common sense be your guide. If an app seems to good to be true, it might just be carrying a hidden payload that’s after your money and personal information.

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Apple’s Magnetic Charging Dock for the Apple Watch is 56% off today
An Apple Watch on the Apple Watch Magnetic Charging Dock.

Whether you're a new Apple Watch owner or you've already owned several models of the wearable device, you should always be on the lookout for discounts on accessories for the smartwatch. If you don't own it yet, the Apple Watch Magnetic Charging Dock is currently on sale from Amazon's Woot for just $35, which is less than half its original price of $79 for savings of $44. Time is running out if you want to take advantage of this offer though, so you better hurry with your purchase if you don't want to miss out.

Why you should buy the Apple Watch Magnetic Charging Dock
All the models of the Apple Watch use wireless charging to replenish their batteries, and if you want something else besides the magnetic charging cable that comes with every purchase, you should go for the Apple Watch Magnetic Charging Dock. The puck at the middle may lay flat to charge your Apple Watch on top of it, or it may be raised to charge your Apple Watch at the side in Nightstand mode, which will show the time and any alarms that you have set with the wearable device.

Read more
TORRAS Ostand series for Samsung Galaxy S24 Ultra adds features and it’s on sale
TORRAS Ostand Series case for Galaxy S24 Ultra used outdoors

Your new phone needs a case, but why settle for any boring old case? TORRAS makes a point of delivering truly functional, next-level cases for various mobile devices, including Samsung's brand-new Galaxy S24 Ultra. The case in question is called the Ostand series, and it has been painstakingly designed to enhance your mobile experience and even add to it. Allow us to explain. It introduces unique lens protection technology to keep the quality telephoto lens on the S24 Ultra safe and protected while still maintaining full clarity. You get gorgeous, pro-grade pictures, plus you can use the built-in 360-degree rotating case stand to get unique shots -- you can take photographs with the stability of a tripod. That's not all. It works well with Samsung's smart note-taking features, protects the speakers from dust and debris while preserving audio quality, adopts a subtle curved design to match the S24 Ultra's unique display, and much more. As TORRAS boldly claims, it's "more than a case." Why not take it for a spin or keep reading to learn what else it can do? Spoiler: It’s not just a case!
Order Now
Why you need the TORRAS Ostand Series case for your Samsung Galaxy S24 Ultra

Featuring a lightweight titanium alloy exterior that's both lighter and more manageable than its predecessor, the Samsung S24 Ultra sets the bar for ultra-portable phones. But when you slap a case on it, at least usually, that all goes away. Not with TORRAS' Ostand series, as it emphasizes lightness and slimness. The phone still feels lightweight and enjoyable but looks as stunning as it does without any protection. More importantly, the Ostand series case is the perfect companion for your S24 Ultra, and here's why:

Read more
This smartphone camera sensor could make blurry photos a thing of the past
Metavision camera sensor tech.

Google Pixel 8 (left) and OnePlus 12 Andy Boxall / Digital Trends

Paris-based Prophesee made waves last year when it showcased its in-house event-based Metavision sensor tech for smartphone cameras. The core idea behind the stack was to make blurry images a thing of the past, demonstrating some impressive results during the development phase.

Read more