Is Android becoming the Windows of mobile malware?

Juniper Networks is raising eyebrows in the mobile industry this morning with a new report claiming the incidence of malware targeting Android devices has risen by 472 percent since July of this year. Presumably, that number is augmented by “hundreds” of malware samples the company uncovered in a series of third-party Russian app stores. Juniper describes the Russian malware cache as just the “tip of the iceberg,” believing there may be thousands more malware apps waiting to be discovered.

Although many security firms still characterize the threat of mobile malware as relatively low, it’s important to know that those firms are generally comparing the number of threats faced by Android and other mobile operating systems to those faced by Windows — which is the absolute king of malware, assaulted by hundreds and even thousands of new trojans, worms, exploits, and variants every day. Saying a platform faces a low threat compared to Windows isn’t saying much at all.

But Juniper’s figures highlight the growing threat of mobile malware, particularly on Android. How do Juniper’s numbers hold up, what’s to blame for rising Android malware, and how can Android users protect themselves and their devices?

Juniper’s figures

Juniper Networks Android Malware infographic Nov 2011

According to Juniper Networks, the amount of malware targeting Android has jumped by 472 percent since July, punctuated by very sharp increases in October and November. Juniper says they were seeing steady increases in the amount of Android malware they intercepted in July and August, which saw incidence rates increase by 10 and 18 percent, respectively. However, in September Juniper intercepted more than double the amount of Android malware it had in July (up 110 percent) and that figure jumped to either 111 or 171 percent from October 1 through November 10. (See Juniper’s infographic for more detail—the infographic claims a 111 percent increase most recently, but Juniper’s text says 171 percent.)

The figures echo similarly alarming percentages from other security vendors. This summer, Trend Micro claimed the incidence of Android malware had increased 1,410 percent from January to July 2011. It published an infographic, too.

Curiously, Juniper provides no hard figures to accompany its percentages, so it’s difficult to know what those percentages mean in absolute terms. It would be nice to compare the number of malware apps out there (and their interception rates) to the number of available Android apps or the number of apps distributed over the same period of time. After all, if a small town of 5,000 people had one serious traffic accident in 2010 and then two serious traffic accidents in 2011, the rate would be up by an alarming 100 percent! However, the number of accidents in proportion to the number of drivers — let alone the number of hours driven in the town during the year — would still be very, very low. Juniper Networks does describe the cache of Russian malware it found as “hundreds” of apps, but it’s not clear if those are included in the firm’s 472 percent increase, and the firm offers no other hard figures.

Symantec and Kaspersky similarly offer percentages for recent increases in Android malware, but seem to withhold hard figures — or, at least, I haven’t been able to find them. McAfee is slightly more helpful: In August it reported a 76 percent increase in malware targeting Android during the second quarter of 2011, and gave a specific number of threats it had identified: 44. Just this week, McAfee described the total number of malicious apps in the wild as “approximately 200”—and that’s across all platforms, including Symbian, Java ME, Windows Mobile, iOS, and others.

The number of apps available on the Android Market stands at about 350,000. Although the total number of threat apps is never truly known — even to security researchers — the alarmingly large percentage figures from Juniper and McAfee do seem to suffer from a bit of the small-town problem. Despite some high-profile malware removals from the Android Market (like DroidDream trojans earlier this year), in absolute terms, Android malware is still a very small portion of the broader Android software ecosystem.

Types of Android malware

There does seem to be basic agreement on the types of Android malware out there. The bulk acts as spyware and tries to steal personal data, including contacts, location, personally identifying information, email, messages, and data stashed in log files and other areas of the device. Spyware can also potentially control an Android device, meaning it could place calls, send messages, restart apps, disable locks, control vibrate alerts, and (of course) access the Internet to send collected data to the malware authors — or download and install new malware packages.

Spyware represents a bit of a longer-term game for malware authors: They’re hoping they’ll get usable (and sellable) information by keeping an eye on users’ phones, and they’ll make their money selling collected email addresses (and potentially financial information) to spammers and cybercriminals.

One form of Android malware that has immediate payoff for malware authors is SMS Trojans: apps that appear to do something fun or useful, but in the background send SMS messages to premium rate numbers — the same way many voting competitions, music and ringtone services, and other businesses collect money via text messages. Once those messages are sent, the malware authors have their money, and consumers don’t have much (or any) recourse. The bulk of Android malware apps Juniper says it found in Russian third-party Android markets are SMS Trojans.

Pointing fingers

So even if malware isn’t quite overrunning the ecosystem yet, where is all this malware coming from? Security firms seem to pretty squarely place the bulk of Android malware at the feet of cybercriminals who used to target Java ME and Symbian phones. As those platforms have declined, they’ve moved along to Android, which enables them to leverage some of their working knowledge of Java and is also, conveniently, now the world’s hottest-selling smartphone platform.

In terms of distribution, security firms all agree that third-party Android app stores run a higher risk of malware than trusted sources. A number of Android exploits have been distributed via third-party app stores in Russia and China — heck, one Chinese example of Android malware uses a public blog as its command-and-control center. The appeal of these app stores in their respective markets is obvious: They use local languages, and their selection of apps and new items is going to be much more in tune with local culture than the broader Android Market. Nonetheless, most of those app stores are completely unregulated and unmonitored: Almost anyone can upload anything, safe or not.

That doesn’t let Google’s Android Market off the hook. Although McAfee recommends Android Market specifically as a trusted source for safe Android apps, other security outfits aren’t so kind. Juniper in particular rips into Google’s management of the Android Market:

“These days, it seems all you need [to upload malware to Android Market] is a developer account, that is relatively easy to anonymize, pay $25 and you can post your applications,” Juniper wrote in its blog. “With no upfront review process, no one checking to see that your application does what it says, just the world’s largest majority of smartphone users skimming past your application’s description page with whatever description of the application the developer chooses to include.”

Google famously does not review submissions to the Android Market, or require code-signing by a trust authority, although developers must at least code-sign with self-signed certificates. Although Google will remove malicious apps once they’re discovered, realistically that can’t happen until the apps have victimized users.

Staying safe

Android users can take some basic steps to keep their devices and their data safe. Good tips include:

  • Disable the “unknown sources” option for installing apps in the Android device’s Applications Settings menu. This will help prevent users from inadvertently installing software when, say, accidentally following a malware link in an SMS message, spam, or social networking site. It will also keep the device out of most third-party Android app stores, which seem to be a prime distribution vector for Android malware. However, this may not be an option if users need to sideload custom Android apps for, say, business or work purposes.
  • Research apps before downloading or buying them. Try to stick with apps that have broad third-party recommendations and come from reputable publishers. Check both an app’s and publisher’s ratings.
  • Carefully check an app’s permissions. When you install an app, Android will present a list of hardware and software components that the app wants to access, including things like location data, a device’s camera, the Internet, storage, system tools, MMS/SMS, and making phone calls. If the requested permissions don’t seem reasonable, don’t allow the app to install. For instance, a game probably doesn’t have any need to access your contacts, and a photo organizer doesn’t need to send SMS messages.
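
The permission check in the last tip can also be automated when reviewing many apps. The sketch below is an added example, not something from Juniper, Google, or any vendor named here: it reads an `AndroidManifest.xml` that has already been decoded to text XML and flags sensitive permissions that do not fit the app's category. The category policy, the `audit` helper, and the sample manifest are constructed for illustration; the permission names are real Android ones.

```python
import xml.etree.ElementTree as ET  # for untrusted manifests, prefer the defusedxml package

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names, mapped to the capabilities the article lists.
SENSITIVE = {
    "android.permission.SEND_SMS": "send SMS (premium-rate charges)",
    "android.permission.READ_SMS": "read stored messages",
    "android.permission.CALL_PHONE": "place phone calls",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_LOGS": "read system log files",
    "android.permission.INTERNET": "send data off the device",
}

# Assumed policy (illustrative only): what each app category may plausibly request.
EXPECTED = {
    "game": {"android.permission.INTERNET"},
    "photo": {"android.permission.INTERNET",
              "android.permission.ACCESS_FINE_LOCATION"},
    "messaging": {"android.permission.INTERNET", "android.permission.SEND_SMS",
                  "android.permission.READ_SMS", "android.permission.READ_CONTACTS"},
}

def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated <uses-permission> names in a manifest."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return sorted(n for n in names if n)

def audit(manifest_xml, category):
    """List (permission, reason) pairs that are sensitive and unexpected for category."""
    allowed = EXPECTED.get(category, set())  # unknown category: nothing is expected
    return [(p, SENSITIVE[p]) for p in requested_permissions(manifest_xml)
            if p in SENSITIVE and p not in allowed]

# Constructed sample: a "game" that also asks for SMS and contacts access.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fungame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Fun Game"/>
</manifest>"""

if __name__ == "__main__":
    for perm, why in audit(SAMPLE_MANIFEST, "game"):
        print(f"unexpected for a game: {perm} ({why})")
```

A flagged permission is a prompt for closer review, not proof of malice; plenty of legitimate apps over-request.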

Makers of security and antivirus software will, of course, recommend users download, install (and, hopefully, purchase) antivirus software for Android. However, the jury seems to be out on how useful security and antivirus apps are for Android — at least at the moment. A new study from AV-Test (PDF) finds that almost all free Android anti-malware apps don’t offer significant protection against existing Android malware. Paid Android security packages from F-Secure and Kaspersky fared better, but only managed to detect about half the installed threats tested by AV-Test, although they did very well with blocking malware installation.

The most important thing is probably to be aware that there is malware for Android, and let common sense be your guide. If an app seems too good to be true, it might just be carrying a hidden payload that’s after your money and personal information.

Geoff Duncan
Former Digital Trends Contributor