Should you worry about malware on your phone? We asked the experts

RSA Conference
Charles Lever speaking at the 2015 RSA Conference. RSA Conference
At this year’s RSA conference, Charles Lever, a researcher from Damballa delivered a talk in which he claimed that mobile malware in the U.S. has been overstated and overhyped. According to him, you have a greater chance of being hit by lightning than getting mobile malware. Lever explained that of the more than 150 million smartphones in the U.S. it tracked, only 9,688 had been exposed to malware.

The low rate of infections, he says, is due to the use and prevalence of the two biggest app stores, Google Play Store and Apple’s App Store, which send apps through a certain level of security checks before listing an app for downloading. However, if you venture outside these legitimate app stores, you’re inviting trouble.

Representatives from security services like Avast and Lookout disagree with Lever, claiming that the mobile world isn’t as safe as he makes it out to be. So, who is right and who is wrong, and how concerned should you be, as a user? We spoke with all parties to find out.

Still early days for mobile malware

The extent of mobile malware is still not widely understood. “This research shows that mobile malware in the U.S. is very much like Ebola,” Lever told the conference. “Harmful, but greatly over-exaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection.”

“As long as there are users and mobile users are growing every year, there always will be malware.”

An early April report from Verizon made some similar remarks, stating that while mobile malware is dangerous, it will not be the cause of a massive cybersecurity incident, like the one Sony suffered. “Data breaches involving mobile devices should not be in any top-whatever list,” the authors said.

There are other factors that affect the security of mobile devices beyond malware.

“Malware is only one part of the mobile security story. Many of these recent reports are only taking into consideration commodity malware, and not targeted attacks, which are arguably the most concerning threats,” says Aaron Cockerill, VP of Products at Lookout.

However, there are many who stress that mobile malware is a real concern that users should be aware of. Michal Salat, threat intelligence analyst at Avast, says that it’s important not to downplay mobile malware. “As long as there are users and mobile users are growing every year, there always will be malware,” he says. “It’s the same with PC, as PC grew and the amount applications grew, the amount of malware grew.”

rsa 2015

RSA Conference

Salat says he agrees that users should stick with using official app stores, because they are “fairly secure,” but there can still be malware found in these stores. The only way to ensure the store is 100-percent free of malware is to employ individuals who check each app that comes through, which is impractical, he says.

The numbers examined by Lever, says Salat, give a kind of narrow view. “It’s kind of a small point of view they are speaking about in the presentation, because they were only talking about the malware that communicates with the author in any way,” says Salat. “There is a significant amount of malware that never connects back to the author. The best example would be pay-per-click malware.”

Threats still appear in the app stores

In their own work, Salat and the team at Avast have come across a few notable examples of mobile malware rearing its ugly head in the Play Store. They discovered the card game app, Durak, a piece of adware that would eventually show a fake warning message, that if followed through on, would allow the adware to scoop up data from your smartphone. “By [Google’s] own metrics, it affected about five to 10 million users,” says Salat.

“We detected it over several different detections at a time. It was on the app store for quite a lot of time and infected a lot of people,” he says. This one example from Salat counters many of the figures presented by Lever in his presentation downplaying the dangers of mobile malware.

“I don’t want to question [Damballa’s] numbers, don’t get me wrong, they’re probably true, but they’re taken from a really small part of the market,” he adds.

Durak-game-GP

“What I really don’t like about the report is the final statement that it’s way more probable that you will get hit by lightning than encounter malware,” Salat says, explaining that the weather figures represent your chances of being struck by lightning across your lifetime. “The percentage that says how possible you are to get infect [by malware] was taken over a year,” Salat explains, “so there is a huge difference.”

North America is not the danger zone

While U.S. users aren’t having as many problems, regions outside North America are becoming hotbeds of mobile malware, as threats have become more global, particularly in Eastern Europe and Asia.

“[Cyber criminals] are basically repurposing really common PC variants of financial services Trojans, like SpyEye and Zeus, and are repurposing and refactoring those to run on mobile devices,” says Gary Davis, chief consumer security evangelist at Intel Security.

According to Davis, there are many reasons why other regions have been more susceptible to attack, namely users in those areas tend to own phones running older operating systems. “I think that’s where a lot of attacks are originating,” Davis says.

China is another example of a fertile ground for malware. The Google Play Store isn’t supported in China, even though there are a high number of Android users in the country. Because the app stores aren’t as universal, the country has a higher number of malware infections compared to the United States.

gary davis
Gary Davis

Davis says that this year alone there will be some notable instances in how malware spreads on mobile. Intel Security predicts that ransomware, or malware that threatens users and asks them to pay money to fix their system, will be targeted more and more toward smartphones rather than PCs. “If you look at how malware writers are creating their wares, it seems to be that’s where they’re going next, and that makes us a little bit nervous,” he says. “Mobile writers in malware are going to start kitting their software, and this is something that goes on quite a bit on the PC side.”

He points out research from a colleague that claims roughly 80 percent of the malware they find is a derivative of something else.

“They’ll take something they can either buy or get through the dark Web and repurpose it and do what they’re going to do,” he says. “We expect that mobile malware writers are going to start kitting up their malware starting this year and make it available on the dark Web, either for free or for sale.”

How to stay safe

There are several tips mobile users can follow to keep their devices free of malware, and many of them are the same as protecting your desktop. Security experts recommend that you keep your operating system updated and install a good anti-virus software, but also, adding PIN protection to your phone in case it’s stolen is always a good idea, as is being extra cautious of public Wi-Fi connections.

Mobile

5G is the swift kick VR and AR gaming needs to come to fruition

There's a lot of hype surrounding augmented reality and virtual reality, but is it really the next big thing? We take a look at where the new mediums stand, as well as how 5G is poised to help them break into the mainstream.
Product Review

Packed with features, the Ring Spotlight Cam Wired makes home security a breeze

With an integrated spotlight, crystal-clear video, and color night vision, this device makes home security a cinch. Here's why we like the Ring Spotlight Cam Wired as a great choice for outdoor home security.
Computing

A new Mac Pro is supposedly coming in 2019, but what will it be like?

Our Mac Pro 2019 rumor roundup covers all the top news, leaks, and rumors about the new Mac Pro set to be announced sometime in 2019. Here's what Apple has said, what the experts think, and what's likely to show up with the new Mac Pro.
Smart Home

Abode Systems taps HelloTech for professional security system installations

Abode Systems has been expanding into the smart home security market and will enhance its technology with a new partnership with tech support firm HelloTech, which will install its security systems for a fee.
Computing

These are the 6 best free antivirus apps to help protect your MacBook

Malware protection is more important than ever, even if you eschew Windows in favor of Apple's desktop platform. Thankfully, protecting your machine is as easy as choosing from the best free antivirus apps for Mac suites.
Mobile

The 2019 iPhone could put a charge into your other Apple gadgets

While it's not been long since the last iPhones launched, rumors for the next iPhone are already surfacing. Apple's 2019 flagship could include a variety of upgrades ranging from a new design to enhanced features.
Deals

This discounted smartwatch is a cheap Apple Watch or Fitbit Versa alternative

The Amazfit Bip isn't an Apple Watch or Fitbit Versa, but at the discounted price of $67, it's a very affordable alternative packed with useful features. With built-in GPS and 30-day battery life, this cheap smartwatch is a great option to…
Mobile

Own an unlocked Galaxy S9? The U.S. Android Pie update has landed

Android 9.0 Pie has been released. But is your phone getting Android 9.0 Pie, and if so, when? We've done the hard work and asked every device manufacturer to see when their devices would be getting the update.
Gaming

Xbox's app lets you access your console while away from home. Here's how

Microsoft's Xbox allows you to access your profile information and launch media content directly from your mobile device. Check out our quick guide on how to connect your smartphone to an Xbox One.
Mobile

It looks like Google may get rid of the back button in Android Q

Android Pie recently rolled out, but it's already time to look ahead to Android Q, the next version of Google's mobile OS. We've seen a number of rumors and leaks come out about the operating system -- here's everything we know so far.
Deals

Amazon cuts prices on the Apple Watch Series 3 for Presidents’ Day

The Apple Watch Series 3 is seeing the same price cut we saw during the Amazon sale just last week. So if you're hoping to pick up an Apple Watch for less than $250, this $50 discount from Amazon can make that happen for you.
Deals

Here are 20 portable tech gadgets you’ll want to use every day

If you're looking for portable tech to keep you charged up while on the go (or for some great small gift ideas), we've rounded up 20 must-have gadgets. You'll find everything from a mini gaming controller to a folding Bluetooth keyboard.
Deals

Need a new tablet? Here are the best iPad deals for February 2019

In the wide world of tablets, Apple is still the king. If you're on team Apple and just can't live without iOS, we've curated an up-to-date list of all of the best iPad deals currently available for December 2018.
Social Media

Instagram to make giving easier with a Stories donation sticker for fundraisers

Instagram is preparing to launch a donation feature within Stories that would allow users to raise cash for a range of nonprofit charities. The company confirmed it's aiming to launch the donation sticker later this year.