Report: Android’s malware problem is getting worse, and only users of the latest version are safe from harm

June 28, 2013


    Earlier this year, we saw a report that said there was a 163% rise in the number of malware-infected Android devices in 2012. As shocking as that figure might be, we have a new report now that says the problem has blown up even further.

    According to a recently published report[1] from networking vendor Juniper Networks, the number of mobile threats grew an astonishing 614% from March 2012 to March 2013. This equates to a grand total of 276,259 malicious samples, according to research done by the company’s Mobile Threat Center or MTC.

    What exactly constitutes such a large amount of mobile threats? It is said that the majority of these mobile threats — 77% of the total — come in the form of money-siphoning applications that either force users to send SMS messages to so-called premium-rate numbers or somehow manage to perform the sending of SMS messages all on their own.

    They go virtually undetected as they are normally bundled with pirated apps and appear as normal applications. Typically, these malicious apps can net their creators an average profit of about $10 per user, according to Juniper Networks.

    As it is currently the most popular mobile device platform in the world, it’s easy to see why Android would be targeted with such malicious activities. But perhaps you’re wondering, is there anything that can be done to combat this problem?


    Indeed, there is. In Android 4.2 Jelly Bean, a new safety feature was introduced in order to stop wayward SMS messages dead in their tracks. But that in itself is a huge problem: Android 4.2, the latest version of the Google mobile operating system, is only available on a tiny fraction of all Android-powered devices out on the market. In fact, many of today’s newer devices don’t even ship with it. So the relevant safety features, as useful as they might be, becomes pretty much useless.

    Even worse, the money-making malware mentioned above represents only one type of mobile threat on Android. Android spyware is also present, accounting for 19% of the total malicious samples collected in the above-mentioned research. These could potentially put a user’s privacy at risk, collecting sensitive data and all kinds of information then relaying them to the spyware’s creator.

    Trojan apps have also been discovered to be part of the overall Android ecosystem. Although they form a very small part of the entire body of mobile threats on Android right now, it is possible for them to become more widespread in the future. If the fix really only lies in having the latest version of Android installed on a device, and the issue of fragmentation — not to mention the slow software updates from carriers and OEMs — persists, that’s almost a certainty.

    What do you think could be done to finally overcome these kinds of problems? Will it be the end of Android as we know it? Let us hear your thoughts in the comments.

    [1] Juniper Networks Whitepaper (Warning: PDF)

    Comments

    • Piyush

      those people who where saying we dont need update , now are in deep trouble , because of this oem and carriers didnt care .

    • Spank

      This sounds like scare-tactics to stop people from installing apps they downloaded ass apk or from torrents. There are numerous anti-virus apps avilable for Android so basically these don’t work then? Sure. There are trojans, viruses and malware on PC’s too but where’s the problem there?

      • Cerberus_tm

        Agreed. And you can always use something like LBE to block permissions for applications of your choice, like sending SMS or making calls (almost no applications should have to do that).

    • AndroidShiz

      It’s weird. Every time there’s a new update or something around the corner, or Android positively pushes forward in new areas, another malware report comes out. I’ve been on Android since Eclair and have yet to come across one. Then again I’m not downloading apps called “Sexy Babes FREE” and the like. As far as app sharing, I’ve seen developers figure out ways around that already. Gameloft does a good job at it for instance.

      • Ron

        It’s always that way. I just read about the Play Store’s advanced app scanning and then this.

    • Jason

      Here’s an idea. Don’t be a cheap dumb ass and stop running pirated apps.

      • Spaine Carinan

        Not only on pirated apps but some app that are on playstore have malware…

    • Ron

      Oh Symbian. Those were the days.

    • Amadeus Klein

      The sky is falling!! Pirated apps, duh…. that’s what most pirated apps do, both on ios and android…

      while on the play store always check the permissions, if your “free” tethering app asks you for sms access that should ring alarm bells…

    • SeraZR™

      I WILL INFECT! xD

    • Ruzveh

      Who knows guys sitting at MS might be developing such apps to harm Android.. as it is they dont have any better work these days

      • pikmin

        LOL, good idea :D

      • pikmin

        LOL, good idea :D

    • RaptorOO7

      The answer is rather simple, Google needs to be the one responsible for Android OS updates. MS, Apple, Linux OEM’s all deliver updates to your “computer” and since SMARTphones ARE computers we should be getting the updates faster, without carrier involvement and that sadly is something Apple has negotiated far, far, far better than anyone else. That is still not enough to get me to go back to iOS.

      In the meantime I will rely on the dev community to rollout awesome ROM’s that support the latest OS updates, now if the OEM’s would support the devs we could enjoy life more.

    • Howard Z

      I am the only member of my family using Android. The rest use iPhones. Apple provides quicker operating system updates bypassing the cell phone companies, and provides these updates to older phones for more years compared to android. This is a mess Google has created by pushing software device driver development and integration to the android phone manufacturers. Only the few nexus phones get timely updates to the latest android operating system version. This apparently is a security problem

    • Howard Z

      I am the only member of my family using Android. The rest use iPhones. Apple provides quicker operating system updates bypassing the cell phone companies, and provides these updates to older phones for more years compared to android. This is a mess Google has created by pushing software device driver development and integration to the android phone manufacturers. Only the few nexus phones get timely updates to the latest android operating system version. This apparently is a security problem

    • Albin

      I guess I’m sympathetic that Google has a harder job than Apple since it doesn’t make and control most of the devices Android runs on. I’m not so sure the answer is in the OS.

      Google has the proprietary point of purchase or download for most apps in Google Play. I’d like to have the article report whether and how many apps provided through Google Play were guilty of these abuses. There’s no excuse for Google permitting abusive software on its own proprietary download site, where it has complete control. Using another app supplier, it’s user beware.

    Popular

    Latest