The secrets of malware success in the Google Play Store

Regular readers of Naked Security will know that when it comes to Android malware, we have three primary tips:

  • Install patches for your device as soon as they are available. (Sadly, for some devices, that’s rarely or never.)
  • Use a product such as Sophos Free Antivirus and Security to keep an eye out for malware, dodgy websites, adware and other potentially unwanted apps.
  • Turn off Allow installation of apps from unknown sources in the Android security settings if you can.

The last option means that you lock your phone voluntarily to the Google Play Store, in much the same way that iPhones and Windows Phones are locked, like it or not, to their respective app stores.

The Google Play app market has a barrier to entry that includes numerous automated app vetting procedures that help to keep out ripped-off, risky, or downright criminally-minded apps.

So, given that the Play Store has an official gatekeeper, operated by Google itself, you may wonder why we also urge you to run a third-party anti-virus tool, and to go out of your way to grab patches as soon as you can.

The problem is easily explained: about 50,000 new apps are admitted to Google Play each month, with just under 2,000,000 apps in there altogether.

At that rate – more than one new app each minute – there isn’t a whole lot of time for scrutiny and due diligence, whether by human, or computer, or both.

Mistakes happen, to the point that during 2015, malware samples from more than 10 different families made it past Google’s checks and were installed more than 10,000,000 times.

Wouldn’t you love to know more about the techniques that crooks use to bypass Google’s safeguards, and what we can do to fight back?

Well, Rowland Yu, a researcher at SophosLabs, would love to tell you, in his paper The Secrets of Malware Success on Google Play Store.

The thing is, he’ll only get to present the paper, at this year’s RSA conference in San Francisco in March 2016, if he gets enough votes.

And that’s where you, dear readers, can help: by voting for him. (Anyone can vote, but if you’re registered for the conference, your vote apparently counts for a bit more.)

Rowland is a great friend of Naked Security, being a regular contributor to our Android articles.

When you read about Android security issues here on Naked Security, the behind-the-scenes research that makes the article possible is often Rowland’s work.

So, we’ve voted for him, as a sort of “thank you” to recognise the quality of his work on our behalf over the years…

…and we’d love you to vote for him, too!