“Almost every Android device is compromised” turns out to be only almost true

If the blogosphere is to be believed, a BT security expert recently made an astonishing claim at a North American security event.

Jill Knesek is supposed to have made the observation that:

[BT] analysed more than 1,000 Android applications and found a third compromised with some form of active or dormant malware.

More specifically, she noted that:

Almost every device is compromised with some kind of malware, although often it's not clear if that code is active or what it is doing.

Is that likely?

If one in three apps is infected, and the average device has – what? – ten apps installed, then it doesn’t sound terribly far-fetched that almost every device might be compromised.

But if it’s often not clear whether a device is infected, how can we be so sure that one in three apps really is compromised?

Perhaps the risk is much smaller and more knowable than Knesek suggested?

Emil Protalinski over at ZDNet went to the trouble of asking BT if they really were sure about that “one in three apps are dodgy” claim, and he seems to have received some good news: they aren’t.

So we can all relax:

During a panel discussion at a Net Events conference in Florida last week, a BT employee voiced opinions on malware risks within apps distributed to users of Android-based devices. Those opinions were reflective of information available from public studies. The BT employee also mentioned in passing the existence of some testing done by BT on Android devices. BT has indeed done some testing on both Android and Apple OS environments, but not necessarily on the scale reported by media articles in the last couple of days. BT has not released that information and does not intend to elaborate further on that topic at the moment.


The anti-malware industry cops enough flak – we write all the viruses, remember? – without this sort of misinformation. Knesek may well be “an employee” – but according to BT’s Secure Thinking blog, she’s also the Chief Security Officer of BT Global Services.

Android malware is on the increase, and it is a threat to keep in mind. But the sky is not falling. There are plenty of legitimate apps for the Android platform, and plenty of trustworthy developers in the vibrant coding community which has grown up around it.

If you’re an Android user and you’re worried about malware:

* Stick to the official Google Play Store. (Google doesn’t do a perfect job of keeping dodgy apps out – but a company that is smart enough to bring you Google Maps is unlikely to let one third of its officially-sanctioned apps get infected without noticing!)

* Stick to apps which have a positive history and a decent rating. (Crooks can and do play games with online clicks – click fraud is part of the business model for cybercriminals – but it’s tricky to sustain a good rating for a dodgy app once someone’s blown the whistle on you.)

* Consider using an anti-malware solution on your Android device. (Yes, Sophos just happens to have an Android anti-virus. Yes, it’s free. Yes, it scans newly-installed apps before you use them. Yes, it’s great. Yes, I would say that. Yes, it’s in the Play Store. Simply head there and search for “Sophos”.)

As Douglas Adams said, “Don’t panic.”