A tone called malice
Android devices are increasingly under attack from the scourge of malware, writes Rod Chester
FOR users of the 900 million Google Android gadgets circulating the globe, statistics on the dramatic rise of Android malware are alarming.
Security companies, including Juniper Networks and Bitdefender, report an explosion in Android malware, with Trend Micro predicting Android malware cases will hit 1 million by the end of the year.
But there are those, such as Google engineer Chris DiBona, who say causing alarm is the motivation for the anti-virus companies, who identify the problem then market products to address it.
Back in 2011, DiBona notably attacked anti-virus companies as playing on consumers’ fears.
Google tackled the problem of malware when it launched its Bouncer scanner to detect malware in apps on its app store, Google Play. New Android software, Jelly Bean, also scans for malware in apps installed from outside the store.
Trend Micro security research global vice-president Rik Ferguson identifies this as the security industry’s ‘‘ embarrassing problem’’.
‘‘ For years, they’ve been warning ‘ mobile malware, it’s coming’ and yet the dangers have not reached a critical point,’’ Ferguson says. ‘‘ We have a problem persuading the world at large that we are not crying wolf yet again.’’
Bitdefender chief security researcher Catalin Cosoi says the flaw in the argument that antivirus companies are over- hyping the problem to generate sales overlooks that some antimalware tools are free.
‘‘ People believe we’re making up statistics so we can scare them into using our products,’’ Mr Cosoi says.
‘‘ We don’t make up statistics. We say this is the problem. Yes, we would love them to use our product but we’re not pushing that.’’
Helping to persuade sceptical Android users that the threat is real is a growing number of studies showing malware apps spreading.
Wedon’t make up statistics. Wesay this is the problem
Trend Micro’s March release shows of the 2 million Android apps it examined, 293,091 were outright malicious and 150,203 were high-risk.
One of the points made in playing down Android malware risks is that it mainly affects those who download apps from Russian and Chinese app stores.
But the Trend Micro study found that of the 293,091 malicious apps, 68,740 were in the Google Play app store.
F-Secure Labs last month published its Mobile Threat Report for the first quarter of 2013 which identifies the Android Trojan Stels as a ‘‘ gamechanger’’. It uses a fake email, claiming to be from the US Internal Revenue Service, to obtain sensitive information from the Android device and directing it to SMS premium numbers owned by the hackers.
The report also identifies the first confirmed targeted attacks in the mobile space, with Tibetan human rights activists targeted with an Android malware-infected attachment.
Cosoi says the launch of Bouncer reduced malware from the Google Play store but there were new risks for Android users, namely legitimate apps with ‘‘ aggressive adware’’.
He says step one for Android users wanting to protect themselves was to look at the permissions apps required before installation, or by using a free tool such as Bitdefender’s Clueful app to examine installed apps.
Cosoi says it makes sense for some apps to require a wide range of permissions, such as checking your contacts or accessing photos, but for other apps needing just three permissions could be suspicious.
‘‘ For instance, why would a game need to initiate phone calls?’’ he asks. Listen up: Android users need to be wary of the increase in malware.