Finnish security company F-Secure published its Threat Report for the second half of 2013, which includes a section dedicated to mobile security issues.
According to the company, threats in the mobile space are almost entirely surfacing within the Android ecosystem, with 97 percent of malware identified in 2013 targeted at Android users, and the rest to the dying Symbian. F-Secure did not identify any malware targeting iOS, Windows Phone, or BlackBerry devices last year.
Should the fact that malware makers focus almost exclusively on Android worry you? Not as much as you’d think from that 97 percent share alone. That’s because Android is not only the most prevalent mobile operating system (around 80 percent of the global market), but also much more open and diverse than its competitors. In other words, Android, in its various forms, is the low hanging fruit for malware developers, and the fact that they go after it almost exclusively should be no surprise.
Malware on Android is a problem mostly in the countries where users frequently download apps from alternative app stores, instead of Google’s “official” Play Store. F-Secure’s data shows that a whopping 75 percent of malware samples it collected come from two countries – Saudi Arabia and India. United States is a distant third with five percent, while the rest of the world totals 20 percent.
Another interesting stat is the percentage of malicious apps out of the total number of samples analyzed. The good news is that Google’s Play Store has a rate of about 0.1 percent (136 samples out of 132,738 samples analyzed). And, because Google actively weeds out suspicious apps from the Play Store, any malware that makes it through the protection system has a shorter shelf life compared to third-party app marketplaces.
As for other app stores, the report concludes that under ten percent of the apps from the top four third-party stores (Anzhi, Mumayi, Baidu and eoeMarket, all Chinese focused) are malicious. However, the rate was as high as 33 percent in the case of one store, Android159.
The conclusion is obvious: don’t trust third-party stores, they have an unacceptably high malware rate. The Play Store is comparatively safe, and Android’s protection measures further reduce the percentage of malicious apps that can affect you.
According to a Google presentation from October 2013, just 0.001 percent of all app installations originating from the Play Store result in malware being installed. That’s because all apps have to go through multiple layers of verification before they actually get access to the device. Here’s a graph depicting these protection measures:
F-Secure’s report goes in depth on various security issues that affected Android throughout 2013, including types of malware, trojan families, and vulnerabilities that unscrupulous app makers used to exploit mobile devices, including the infamous Masterkey vulnerability. Check out more details in the full report here (PDF).