F-Secure report shows once again why you should stick to the Play Store for app downloads

by: Bogdan Petrovan, March 5, 2014

Finnish security company F-Secure published its Threat Report for the second half of 2013, which includes a section dedicated to mobile security issues.

According to the company, threats in the mobile space surface almost entirely within the Android ecosystem: 97 percent of the malware identified in 2013 targeted Android users, and the rest targeted the dying Symbian. F-Secure did not identify any malware targeting iOS, Windows Phone, or BlackBerry devices last year.

Should the fact that malware makers focus almost exclusively on Android worry you? Not as much as you’d think from that 97 percent share alone. That’s because Android is not only the most prevalent mobile operating system (around 80 percent of the global market), but also much more open and diverse than its competitors. In other words, Android, in its various forms, is the low-hanging fruit for malware developers, and the fact that they go after it almost exclusively should be no surprise.

Malware on Android is a problem mostly in the countries where users frequently download apps from alternative app stores, instead of Google’s “official” Play Store. F-Secure’s data shows that a whopping 75 percent of malware samples it collected come from two countries – Saudi Arabia and India. The United States is a distant third with five percent, while the rest of the world totals 20 percent.

[Image: F-Secure malware top countries, 2013]

Another interesting stat is the percentage of malicious apps out of the total number of samples analyzed. The good news is that Google’s Play Store has a rate of about 0.1 percent (136 samples out of 132,738 samples analyzed). And, because Google actively weeds out suspicious apps from the Play Store, any malware that makes it through the protection system has a shorter shelf life compared to third-party app marketplaces.

As for other app stores, the report concludes that under ten percent of the apps from the top four third-party stores (Anzhi, Mumayi, Baidu and eoeMarket, all Chinese-focused) are malicious. However, the rate was as high as 33 percent in the case of one store, Android159.

[Image: F-Secure malware rates in Android app stores]

The conclusion is obvious: don’t trust third-party stores; they have an unacceptably high malware rate. The Play Store is comparatively safe, and Android’s protection measures further reduce the percentage of malicious apps that can affect you.

According to a Google presentation from October 2013, just 0.001 percent of all app installations originating from the Play Store result in malware being installed. That’s because all apps have to go through multiple layers of verification before they actually get access to the device. Here’s a graph depicting these protection measures:

[Image: Google Verify Apps defense layers]

F-Secure’s report goes in depth on various security issues that affected Android throughout 2013, including types of malware, trojan families, and vulnerabilities that unscrupulous app makers used to exploit mobile devices, including the infamous Masterkey vulnerability. Check out more details in the full report here (PDF).

  • MasterMuffin

    This is interesting. Before reading this I was sure that this was going to be another study where an anti-malware company is trying to scare people into using an anti-virus (and preferably their own), but this actually shows that risk of getting malware is only real when downloading from 3rd party (like that amazing android159, source for all the cuul appz trust mee ;D). I’m just wondering why Finland has such high % o.O

    • RarestName

      me want cuul appz pl0x

      sorry for my bad english

    • Guest123

      However, F-secure failed to mention the low numbers on iOS and WP are due to the fact that no one uses F-secure’s software on those platforms. . . or this article fails to mention it.

      You can’t track what you aren’t on.

      • gest123

        Can you name some malware which is written for iOS? Or WP?

        • Guest123

          Just google it!

          The difference is, MS & apple are better at keeping malware from getting into their app stores — still found in the wild, though.

  • Guest123

    “According to a Google presentation from October 2013, just 0.001 percent of all app installations originating from the Play Store result in malware being installed.”

    Not something I would brag about, Google. The fact that any malware is available on a “trusted” market that ships on most devices is sad, very sad, and it usually takes users and reviewers to point them out to google to get them removed — one reason to NEVER download new apps from the play store.

    • Keg Man

      That’s impossible. That’s like saying you never expect a hacker to break into a system. No one is safe….ever

  • Key Lime Pie

    What about apks? Are they safe?
    Which sites are the best for safe apks?

    • Keg Man

      that would be side loading and that is not safe. the safest way is from the google play store

  • Karam

    It’s time for google to unblock the play store availability in some countries.. Like mine ..I’m in Syria and the store is blocked..so we have to use unsafe ways to install apps..from other suspicious stores!
    Shame on you google