Every time Apple holds an product release event or developer’s conference, they generally start out by quoting statistics… Total App Store downloads, sales figures, web usage figures, etc. Unfortunately for Android users, there’s a new statistic out and it’s pretty scary. In their most recent Security Roundup, TrendMicro revealed that the number of malicious and high-risk Android apps has grown by 350,000 in the last six months. This brings the total number of malware apps to approximately 719,000 in Q2, up from around 509,000 in Q1. If this rate of growth remains continuous, there will be well over 1,000,000 malware-infested Apps available to unwitting Android users by the end of the year.
Most of these new malware apps are spoofed versions of popular apps that are loaded with Trojans. More than half of the new apps followed a popular malware trend of automatically signing up users for expensive subscription-based services. Unfortunately, the rise in Android malware is the smaller part of the security concerns laid out in the report.
Almost 99% of Android devices are vulnerable to the Android Master Key Vulnerability. It allows apps to be installed or modified without users’ permission. This vulnerability can be exploited to replace legitimate apps with the malware-infested variety. Google has already made a patch to prevent users from falling prey to hackers using this method, but the patch is still being processed by most major cell carriers.
The latest in Android malware is reminiscent of PC malware in its operation. There is OBAD, which works somewhat similarly to a PC rootkit or backdoor. FAKEBANK spoofs legitimate banking apps in order to steal financial data, similar to the PC banking Trojans. And no lineup of malware would be complete without the classic fake antivirus – FAKEAV, which serves as a precursor to phishing efforts.
The “top ten” list of countries where Android malware has been most frequently downloaded included many developing economies. China, Mexico, Vietnam and Venezuela were noteable additions to the list. India, Malaysia, and Russia improved their positions, but still remain among the top ten.
When Apple announced the App Store, there were alot of questions regarding security, and Apple responded by talking a bit about some (but not all) of the things they were doing to prevent this situation, and stated sandboxing, along with a closely curated market were some of the steps they’d take to ensure safety. Many Android users have complained to me that Apple was too strict with their App Store, and they preferred an “open” market. I wonder what their take is now.
If you’re an Android user, I’d like to hear from you on this. Does this report make you nervous about the security of your smartphone? Have you dealt with Android Malware in the past? Do you think it is cause for concern, and if not, what is your strategy for keeping your device secure? Click the comment cloud on the top right of this page.