Despite the stint of very cold weather here in Europe, the Android malware scene is definitely warming up.
In SophosLabs, we track the number of malicious Android packages acquired. I have to admit, even I was surprised to find that the number of malicious apps in our database has grown to over 4000, an increase of over 400% since December 2011.
Most of the malicious apps can be found on alternative, usually Russian and Chinese Android marketplaces, where several groups or individuals decided that creating applications that send SMS messages to premium rate numbers or installing additional components is the right way to make some money.
However, occasionally is malware found in the real Android Marketplace where it swiftly gets removed by the Marketplace security team as soon as it is discovered.
One recent example was a bit controversial. Several popular apps, published by at least three developers – iApps7 Inc, Ogre Games and Redmicapps, have been identified by Symantec as malicious and the original story was pushed by the Symantec PR department.
The claim was later disputed by the team from Lookout in a blog post that gives more details about the functionality of an advertising framework included with the offending apps.
It turns out that the Apperhand framework is related to an advertising framework used more than half a year ago by the Plankton app. I previously wrote that it is not clear whether this framework is malicious or not.
Indeed, we have to go back several years, to the birth of Potentially unwanted applications (PUA) on Windows, which would probably be the best way to describe the applications reporting to Apperhand.com. They are not inherently created with malicious intent.
Nevertheless, the advertising framework used by the developers to make money from free apps is an issue. If the user does not carefully read the EULA (End User License Agreement), they will end up with unwanted adverts on their device and potentially the loss of personally identifiable information.
Currently, Sophos does not have a PUA category for Android and we think that these apps have no place in a corporate environment. That is why Sophos products detect offending apps as Andr/NewyearL-B.
The race to create malicious packages which will remain undiscovered on the Google Android market for as long as possible is likely underway. These apps could lie dormant until a critical number of devices are infected.
As a consequence, soon we will see more obfuscated examples which will be more difficult to discover.
Until then, one of the better ways of steering clear of Android malware is to install applications strictly from official marketplaces like Google, Amazon or Barnes and Noble.
Stick with the more popular apps that are published by known developers and have been present on the market for a longer time.
Or possibly it's time that the simple apps all went open-source anyway.
I'm thinking air-hockey and pool, for starters. Novelty fake hair clippers, simple musical instruments etc.
These things can be free in all senses of the word on Android, in a way iOS doesn't allow.
And if people start catching on to open source as a trustworthy security audit for their phone, maybe they'll start to get it as a way to protect their desktops, too….
Open source, however, isn’t nessarily better. It can be abused, as evidenced by sheer number if malware aimed at the Android platform. As long as Google doesn’t vet their apps, the malware issue will only get worse. Android is too open, and as a result, is a much bigger target than iOS is. The quality of iOS apps are much more superior than on Android and games like Infinity Blade and Infinity Blade 2 will remain iOS exclusives. The other problem with Android is a 90% app piracy rate. With such a high percentage, who would want to develop for Android? There’s no return on investment and as a result, app quality on Android remains very poor. Android developers are starting to move to iOS, for this reason. Android is more about quantity, not quality. Apple has sold 37 million iPhones last year, and this indicates that quality sells. It’s no wonder why the iPhone 4S is THE number one smartphone. People want quality, and Apple delivers with quality products.
Open Source has nothing to do with the malware existing. Windows isn't Open Source, and it has plenty of malware to go around.
Also, I seriously doubt there's any 90% piracy rate. Can you back that claim up, or are you simply an Apple fan who wants to bash the competing products?
" iPhone 4S is THE number one smartphone" Give me a break! Obviously an Apple Fanboy. Apple smartphones have about 15% of the market (excellent for one manufacturer), but Android smart phones take about 57% of the market.
i agree with @jonFukumoto but although people want quality and cool features from their apple IPhones, unfortunately not many people are able to afford it. Android is the way for a vast majority of the population to enjoy the benefits of new trending technology as tablets and smartphones are introduced without the pocket tearing prices. www.pcrevealed.weebly.com