"Almost every Android device is compromised" turns out to be only almost true


If the blogosphere is to be believed, a BT security expert recently made an astonishing claim at a North American security event.

Jill Knesek is supposed to have made the observation that:

[BT] analysed more than 1,000 Android applications and found a third compromised with some form of active or dormant malware.

More specifically, she noted that:

Almost every device is compromised with some kind of malware, although often it's not clear if that code is active or what it is doing.

Is that likely?

If one in three apps is infected, and the average device has - what? - ten apps installed, then it doesn't sound terribly far-fetched that almost every device might be compromised.

But if it's often not clear whether a device is infected, how can we be so sure that one in three apps really is compromised?

Perhaps the risk is much smaller and more knowable than Knesek suggested?

Emil Protalinski over at ZDNet went to the trouble of asking BT if they really were sure about that "one in three apps are dodgy" claim, and he seems to have received some good news: they aren't.

So we can all relax:

During a panel discussion at a Net Events conference in Florida last week, a BT employee voiced opinions on malware risks within apps distributed to users of Android-based devices. Those opinions were reflective of information available from public studies. The BT employee also mentioned in passing the existence of some testing done by BT on Android devices. BT has indeed done some testing on both Android and Apple OS environments, but not necessarily on the scale reported by media articles in the last couple of days. BT has not released that information and does not intend to elaborate further on that topic at the moment.


The anti-malware industry cops enough flak - we write all the viruses, remember? - without this sort of misinformation. Knesek may well be "an employee" - but according to BT's Secure Thinking blog, she's also the Chief Security Officer of BT Global Services.

Android malware is on the increase, and it is a threat to keep in mind. But the sky is not falling. There are plenty of legitimate apps for the Android platform, and plenty of trustworthy developers in the vibrant coding community which has grown up around it.

If you're an Android user and you're worried about malware:

* Stick to the official Google Play Store. (Google doesn't do a perfect job of keeping dodgy apps out - but a company that is smart enough to bring you Google Maps is unlikely to let one third of its officially-sanctioned apps get infected without noticing!)

* Stick to apps which have a positive history and a decent rating. (Crooks can and do play games with online clicks - click fraud is part of the business model for cybercriminals - but it's tricky to sustain a good rating for a dodgy app once someone's blown the whistle on you.)

* Consider using an anti-malware solution on your Android device. (Yes, Sophos just happens to have an Android anti-virus. Yes, it's free. Yes, it scans newly-installed apps before you use them. Yes, it's great. Yes, I would say that. Yes, it's in the Play Store. Simply head there and search for "Sophos".)

As Douglas Adams said, "Don't panic."



14 Responses to "Almost every Android device is compromised" turns out to be only almost true

  1. Dave Feland · 1169 days ago

    Well first of all, no one here has defined what they mean by 'malware'. Does it 'phone home' for no reason? Does it want permissions it doesn't need? They'd also call all the people that unlock their phones, or install third-party lockers and loaders 'compromised'.

    I'm glad you qualified this person's credentials - yes, I'd absolutely accept she knows what she's doing. Especially if what she's doing is scaring people - that would work to BT's benefit, wouldn't it?

  2. james · 1169 days ago

    Could you please give a direct link to the app so kindle users can download the app or just put in the amazon app market.

  3. VFAC · 1169 days ago

    Well, given the amount of time it takes to write all of that malware it is not surprising that the industry doesn't have time to check its facts.

    After the Adams reference one can't help but think that purchasing apps from the official store has been recently changed from "Harmless" to "Mostly harmless".

  4. Cyborg · 1169 days ago

    A security company that advises people to "trust" Google because they are smart?

    I lol'ed.

    • Paul Ducklin · 786 days ago

      Glad you put "trust" in quotes...I didn't actually use that word :-)

  5. lewis · 1169 days ago

    There is so-called malware readily available to purchase on many public hacking forums, never mind underground ones. Some are simple contact swipe ones that download all your contacts saved in phones; I can only assume that they sell these on to marketing companies.

    More advanced ones are capable of downloading all your pictures, videos etc., and some, which are becoming more popular, can perform silent messages to premium rate numbers.

    This shows that even apps within the actual official marketplace can contain some kind of malware, and also just because it's a paid app and not a free one doesn't mean it's not rogue.

  6. Rosie thiel · 1169 days ago

    FYI You have to enter Sophos Mobile security to find the app on playstore. Just putting in Sophos will not find it.

    • Paul Ducklin · 1168 days ago

      Following your comment I revisited my own advice - cleared my Play Store search history and entered "sophos" (without the quotes).

      By the time I had got to "soph", the top item in my search list was already "Sophos Mobile Security"...

  7. JMJ · 1169 days ago

    Rather than the gossipy rumor-mongering that mostly comprises the content of Emil Protalinski's original, and this "follow-up" article, it would be much more useful and journalistic to do a little real work and independently confirm/rebut the basic allegation made by BT's Jill Knesek. Actually doing such work would also lend a bit of credibility to your stated incredulity of Ms. Knesek's statement. It may not be as sexy as casting her as a hapless, too-quick-from-the-lip security pro but it would raise the level of your own contribution to the discussion.

    Sophos has minable databases which could readily yield some *useful*, real information, I'm sure.

  8. Dallas · 1168 days ago

    And if you are so unfortunate as to have purchased a Coby tablet, you CAN'T get to the official Google Play store (unless you root it and take the chance of "bricking" it). You are stuck with crap on "Getjar".

  9. JMJ · 1168 days ago

    Was my earlier post deleted? If so, why?

    Even though you hold the blue pencil, I certainly hope that even critical opinions can be voiced and HEARD here.

    You certainly offer enough of your own.

    • Paul Ducklin · 1168 days ago

      Your earlier post wasn't deleted - it arrived at 1am, at which time I was asleep. That makes your second question redundant. And there's no need to SHOUT. Right. Got that off my chest.

      I accept the criticism that this is not an article based on my own technical research.

      I _do_ link to some stats we have already published on the existence of Android malware, though I acknowledge they don't address the question of "what percentage of all apps are malicious." (As an aside, if that portion was 33%, or anywhere near it, I am confident we'd have said so in no uncertain terms :-)

      My point was to ask _you_, as a reader, what you thought of Ms Knesek's statements. _My_ reaction was, "That seems unlikely." And BT's official response seems to confirm that I was right in that reaction. It also seems to imply very strongly that she misrepresented BT's own analytical work, but we shall never know since BT also said, "Case closed, no more info will be provided."

      I stand by my opinion - unqualified though I admit it to be - that statements made in public which tend to overexaggerate the malware threat work against security in general.

      Nevertheless, your implicit question is a good one. What _is_ the true ratio of malware to non-malware for Android? More importantly - to acknowledge @Dave Feland's critique in the first comment above - what do we mean anyway by "malware" in the cloud-style closed-system shop-at-the-company-store locked-bootloader ecosystem of mobile devices? I guess I should do the work and find out!

      In the case of this article, would you be willing to accept it merely as an op-ed piece, and stand down from high dudgeon?

      PS. You have to admit, it _was_ an astonishing claim for her to make. I got that bit right, wouldn't you say?

  10. When you say to stick to the Play Store, are you saying you have reason to believe that Amazon's Android AppStore is less safe than Google's Play Store? That the company that is well known for its customer care is somehow less smart than the one that brought us Google Maps? Because I haven't seen any evidence of that.

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog