Google: Android Malware Threat is Vastly Exaggerated


Related Stories

  • Mobile Malware Hits the 1M Mark
    Android-based mobile malware and high-risk apps have reached the one million mark, according to a study from Trend Micro.
  • Google Pulls Android iMessage App Over Data-Harvesting Issue
    Google has yanked a new mobile app from the Google Play store that lets Android smartphone users connect to Apple iMessaging for iPhone-Android crossover chats. The way the app works to connect the two disparate operating system platforms involves a boomerang maneuver that sends the data to China, where user log-in details, credit card number and other info could be easily siphoned off.
  • Mobile Pwn2Own to Pay $300K for iPhone and Android Zero-day Exploits
    Itching to jailbreak Apple's iOS 7? Ready to root a Samsung KNOX phone? Frothing at the mouth to show vulnerabilities in the iPhone 5S fingerprint reader? And get paid for it? Well if so, you’re in luck: HP’s Zero Day Initiative (ZDI) has announced the second annual Mobile Pwn2Own competition, to be held on November 13–14 of this year.
  • War of the Trojans: 'Alien' Invasion Spreads Third-Party Malware
    A nasty Android trojan, dubbed Obad.a, is being spread using botnets controlled by other criminal groups and created using a different malware – an “alien” distribution scheme that has peaked researcher interest.
  • Samsung Bundles Anti-virus into Android KNOX
    Samsung is looking to thicken the walls, as it were, in its Android KNOX security-hardened mobile devices, by bundling in enterprise anti-virus from Lookout Software.

Top 5 Stories


Google: Android Malware Threat is Vastly Exaggerated

04 October 2013

Legions of vendor reports have highlighted the sheer pervasiveness of Android malware: that there are now 1 million samples in the wild; and that 99% of all mobile malware is Android-related. Google however says that the actual threat has been vastly overblown, and that most malware is caught in its multi-layered defense strategy before users ever install it.

New data from the search giant presented at the Virus Bulletin conference in Berlin shows that less than one per million (0.001%) downloads of Android app installations from Google Play are actually malicious and cause harm to smartphone and tablet users. This is released at the same time that a Trend Micro report shows that Android-based mobile malware and high-risk apps have reached the one million mark. 

Much has been made of Google’s open-source approach to Android and the resulting security issues. Unlike Apple, which vertically integrates the hardware and software stack with strict parameters for use and development, Google throws open the Android OS for coding by third parties in a much less controlled fashion. Each handset-maker has the latitude to tweak the software for their devices, which is why the Samsung Galaxy experience is so different from, say, the Kindle Fire, even though both run on Android. Google also leaves it up to individual device-makers to decide their policy on “rooting” (the equivalent of jailbreaking), and has had little involvement when it comes to regulating any rogue app stores—of which there are many. As a result, innovation has accelerated—but malware authors have seen a fertile field to sow their seeds of data theft and illegal revenue generation; particularly since, according to IDC, Android had 79% of the smartphone market share as of the second quarter of 2013.

But Google’s Android security chief Adrian Ludwig, speaking at the conference, said that while there may be hundreds of thousands of Android malware samples in the wild, there has been no correlation by vendors with how frequently a malware app has actually been installed—thus exaggerating the threat level.

Ludwig also defended Google’s open innovation model: “A walled garden systems approach blocking predators and disease breaks down when rapid growth and evolution creates too much complexity. Android’s innovation from inside and outside Google are continuous, making it impossible to create such a walled garden by locking down Android at the device level.”

He continued with his biomedical analogy, noting that “The [Center for Disease Control] knows that it’s not realistic to try to eradicate all disease. Rather, it monitors disease with scientific rigor, providing preventative guidance and effective responses to harmful outbreaks.”

For instance, the Verify Apps swings into action when an app is downloaded, crunning it against a database of malware; it then warns the user if the app is potentially harmful. And, the warning system is apparently having its desired effect: only 0.12% of users chose to ignore the warnings and install potentially hazardous apps. Other defenses include runtime security checks and sandboxing.

“An application that a user installs from a link within a text message would be included in these statistics,” he explained, responding to an assertion that most Android malware is delivered and installed from a text message. “Some of the short one- to two-day increases in ratio of installs per million apps can be attributed to text messaging or email spam campaigns.”

Ludwig said that almost 40% of malicious apps are faux apps that claim to do one thing but are actually premium SMS scams. And 15% are spyware and theft apps, like keyloggers and ad tracking. Another 40% are rogue apps that are considered “potentially harmful” by Verify Apps, but aren’t necessarily malicious.

He said that his team analyzed data from more than 1.5 billion app installs to arrive at the data points.

This article is featured in:
Industry News  •  Malware and Hardware Security  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×