Forgot your password?
typodupeerror
Android Cellphones Security

Report: 99 Percent of New Mobile Threats Target Android 269

Posted by Soulskill
from the not-the-market-share-you-want dept.
MojoKid writes: "Google's open source Android platform has the distinction of being the most popular mobile operating system in the world. That's great in terms of dominating the market and reaping the rewards that come with it, but it's also for that very reason that Android finds itself the target of virtually every new mobile malware threat that emerges. According to data published in F-Secure's latest Mobile Threat Report (PDF), over 99 percent of the new mobile threats it discovered in the first quarter of 2014 targeted Android users. To be fair, we're not taking about hundreds of thousands, tens of thousands, or thousands of malware threats — F-Secure detected 277 new threat families, of which 275 honed in on Android."
This discussion has been archived. No new comments can be posted.

Report: 99 Percent of New Mobile Threats Target Android

Comments Filter:
  • by presspass (1770650) on Wednesday April 30, 2014 @05:42PM (#46884347)

    When Apple gets the market share that Android has, you'll see that Apple gets as many attacks as Android does.

    • Re:Market Share (Score:5, Insightful)

      by BasilBrush (643681) on Wednesday April 30, 2014 @05:54PM (#46884473)

      Of course Apple used to be the market share leader. But Android also had most malware back then too.

      It has nothing to do with market share. It's about security. The difference is a single curated market for Apple, vs multiple markets and no curation for Android.

      • [Citation needed]

        • For what?

        • by jo_ham (604554)

          [Citation needed]

          Oh, I don't know. Just pick any random slashdot thread where a security vulnerability in an Apple product is mentioned. Those comments seem to rely pretty heavily on "it's about security, not marketshare" when the tables are reversed.

          If it's good for the goose, it's good for the gander.

      • by AmiMoJo (196126) *

        no curation for Android

        Untrue. By default you have Play, Google's curated app store. You can install other app stores or side load, but the default is just Play.

        With great power comes great responsibility and all that. Besides which Apple's App Store isn't devoid of malware either, it's just a different kind of malware. My girlfriend is Chinese and there are a lot of Chinese apps, presumably not even visible in the western version of the store, that look extremely iffy. They ask you for random personal details, direct you to nast

        • Re:Market Share (Score:5, Insightful)

          by jo_ham (604554) <joham999&gmail,com> on Wednesday April 30, 2014 @06:53PM (#46884977)

          no curation for Android

          Untrue. By default you have Play, Google's curated app store. You can install other app stores or side load, but the default is just Play.

          With great power comes great responsibility and all that. Besides which Apple's App Store isn't devoid of malware either, it's just a different kind of malware. My girlfriend is Chinese and there are a lot of Chinese apps, presumably not even visible in the western version of the store, that look extremely iffy. They ask you for random personal details, direct you to nasty looking web sites, and have masses of rip-off in-app purchases and pay-to-win scenarios.

          You realise if an Apple user tried to spin that line in a story where 99% of malware was targeted at iOS they would be down modded into the ground, right?

          "Here's tangible, documented proof of 99% of malware being on Android, but hey, some Chinese apps on iOS 'look a bit suspicious' so Apple is bad too!"

          Laughable. Truly laughable.

        • and have masses of rip-off in-app purchases and pay-to-win scenarios.

          You don't have to be in the "shady" part of the app store for those. That's industry standard now.

      • No man. The Google Play Store is checked for malware and things like that. The issue is a lot of people install apps they got from somewhere else. But you know what? More power to them. At least they can pick other places to shop instead of Apple's one sure way or go to the highway.

        • The Google Play Store is checked for malware and things like that.

          Auto-running a virus checker on uploaded apps does not a curated app store make. Curation is a human activity.

          And Google Play is not free from malware. I've just been going through old Slashdot stories about mobile malware and most of the reports have been on Google Play (or The Android Market as it was previously known.). This notion that it's only the other stores that are a problem is false.

          But you know what? More power to them. At least they can pick other places to shop instead of Apple's one sure way or go to the highway.

          The freedom to have malware. One of the lesser known freedoms.

      • Re:Market Share (Score:4, Insightful)

        by Solandri (704621) on Wednesday April 30, 2014 @11:46PM (#46886525)

        Of course Apple used to be the market share leader. But Android also had most malware back then too.

        Apple was never the market share leader. [androidheadlines.com] The press just fawns over them like they were/are.

    • Re:Market Share (Score:5, Informative)

      by Anubis IV (1279820) on Wednesday April 30, 2014 @06:04PM (#46884547)

      I keep seeing this line trotted out, but it only serves to distract from the real issue.

      What I've seen time and again from these reports over the last year is that it isn't about Android vs. iOS: it's about app stores. The Google Play store, for instance, has been the source of very few malware incidents (i.e. something like 2-3% of the total). Most of the malware hitting Android is coming from third-party stores that are of questionable trustworthiness. As always, users should be advised to only install software from sources they trust. If iOS allowed users to install from third-party stores without jailbreaking, we'd be seeing the same problems on iOS, regardless of their current marketshare or lack thereof (besides which, marketshare is a measure that shouldn't be used in isolation when assessing the worth of a platform's users to developers, including malware developers).

      So, please, stop painting this as an iOS vs. Android thing. Regardless of platform, the users being affected by this stuff, in general, are those grabbing apps from untrustworthy sources. Focus your attention there.

      • Indeed, putting all problems into the "malware" category just confuses the issues.

        Viruses are the real problem, because even the most secure OS in the world cannot protect its users against trojans. "Enter my password to see the dancing kitty? Of course I will!"

      • Re:Market Share (Score:4, Interesting)

        by tlhIngan (30335) <(ten.frow) (ta) (todhsals)> on Wednesday April 30, 2014 @06:20PM (#46884689)

        What I've seen time and again from these reports over the last year is that it isn't about Android vs. iOS: it's about app stores. The Google Play store, for instance, has been the source of very few malware incidents (i.e. something like 2-3% of the total). Most of the malware hitting Android is coming from third-party stores that are of questionable trustworthiness. As always, users should be advised to only install software from sources they trust. If iOS allowed users to install from third-party stores without jailbreaking, we'd be seeing the same problems on iOS, regardless of their current marketshare or lack thereof (besides which, marketshare is a measure that shouldn't be used in isolation when assessing the worth of a platform's users to developers, including malware developers).

        So, please, stop painting this as an iOS vs. Android thing. Regardless of platform, the users being affected by this stuff, in general, are those grabbing apps from untrustworthy sources. Focus your attention there.

        The problem is, Google Play isn't available in a lot of places where Android is. Say China, for example.

        China's especially touching because the Chinese app stores are complete rubbish - full of pirated apps and Trojans and other crap.

        But even in North America or Europe, sticking with Google Play is limiting, because there are tons of legit app stores as well. Say, Humble Bundle or Amazon. But the problem is the checkbox is all or nothing - either you only use Google Play, or you allow everything.

        The problem with "let the user decide" is it ignores the ultimate reality of security - Dancing Pigs [wikipedia.org]. Basically a user cannot be trusted with their own security - they will always choose the least secure path if it gets them what they want. So if their friend shows them a new app they have to install manually, well, they'll do it.

        Hell, even on iOS jailbroken users get broken into constantly. Because they install OpenSSH, usually because some HOWTO said to install it. There have been many iOS worms and Trojans that exploit the fact that if you can SSH into an iOS device, it's jailbroken so you can do many more things.

        • Humble Bundle is available on the Google Play store. https://play.google.com/store/... [google.com]
          • by gnoshi (314933)

            True, but you still need to set your phone to allow installation of apps from untrusted sources to install Android apps purchased as part of bundles, don't you? (Because the Humble Bundle app installs them, not the Play store).

            This is an issue of transitivity of trust: Let's imagine that I trust Google Play to only include safe apps, so I install the Humble Bundle app from Google Play. However, in order to install any apps from the Humble Bundle store I have to allow the installation of all other apps. Inst

        • by AmiMoJo (196126) *

          By that argument all computing devices should be locked down and not allowed to be general purpose. The internet should be heavily filtered and turned into a walled garden. Some people might like that, but a lot would reject it.

          The thing about Chinese app stores is that they have got a lot better in the last couple of years. The reason why is rather obvious. The service provider usually provides the app store, and it is in their interest not to allow apps that rack up massive phone bills by texting premium

          • He didn't say anything about "should." He talked about "does." You're dragging him into a theoretical argument on the ethics of a curated platform he didn't start, largely because you can't win the technical argument about reality.

            Here's reality: since all malware is software, any computing platform that's designed to run as much software as possible will include more malware then a more restricted platform. That is the reality of the situation. Whether the trade-off is worth it probably depends on a lot of

          • By that argument all computing devices should be locked down and not allowed to be general purpose.

            So what you are saying is that NO platforms should exist that are locked down, so that non-technical users can be fucked every day all so that you can more easily install animated wallpaper.

            Why is not NOT OK to have a real choice, where people can choose a more open Android or a platform that ships with defaults that are vastly better for 98% of people that will own mobile devices?

            • by swillden (191260)

              Why is not NOT OK to have a real choice, where people can choose a more open Android or a platform that ships with defaults that are vastly better for 98% of people that will own mobile devices?

              That's a false dichotomy. Android is a platform that ships with defaults that are better for 98% of people that will own mobile devices. By default it only allows installation from the Google Play store.

              That said, I have absolutely nothing against people having a choice between iOS and Android (and whatever else). I'd be very, very concerned if the walled garden were the only option, but it's not.

        • "But the problem is the checkbox is all or nothing - either you only use Google Play, or you allow everything."

          Not true you can use the check box, install your third party application and the remove the check limiting installs to play store only again.

    • When Apple gets the market share that Android has, you'll see that Apple gets as many attacks as Android does.

      When Apple had more market share, the malware rate was for Android was still way higher. Just that back then Symbian, Windows Mobile and J2ME beat Android by a wide margin. http://www.themobilewebtrends.com/2013/03/why-android-is-most-unsecure-mobile.html [themobilewebtrends.com]

  • It isn't incredibly hard to make an OS that:
    During a special system boot: You can only install drivers and bootable items.
    During a security boot: You can only install software to its own directory, and it can't interact with other software or system files.

    There, you can't get a virus. Its up to the OS designer to decide how to share things securely. There are lots of options which can be secure to do that, and isn't worth talking about securing the very system.

    It is beyond me why we have modern OSe
    • by axlash (960838)

      It isn't incredibly hard to make an OS that...

      If it was easy, we wouldn't have so many viruses.

      • Its much easier to not even try at all. Remember Windows was written before the Internet was easily accessible by the public. Why do an expensive rewrite of an OS, when you can just sell your customers computers a sneeze away from getting a virus. Hey maybe even some of them are dumb enough to buy new computers and windows products when their last one gets slow.
    • by tomhath (637240)

      There, you can't get a virus

      Unless it finds a way to disguise itself as a driver or bootable item and interact with other files (which is what malware does).

    • During a special system boot: You can only install drivers and bootable items.
      During a security boot: You can only install software to its own directory, and it can't interact with other software or system files.

      There, you can't get a virus.

      Sure, now just don't have any errors in any of your user space code, or don't allow multiple programs to share code (all static links) -- Every program will need its own image decoding software, no two programs will interact, so the camera app won't be able to pass off an image to the QR code app which passes the data to your browser or price checking, or etc. apps, etc. So long as you keep the bits of each program in 100% (virtualized) isolation from each other, and NEVER allow outside data in to exploit

  • Security flaws weren't what made Windows the prime target for attacks. It was market share. So it makes sense that Android is being targeted, it has the market share (phones and tablets).

    Therefore, this should come as no surprise.

    All software has security flaws (bypassing software you have hardware vectors as well).

    Most any app could be malicious based upon the OS features it requests access to.

    Apples iOS ecosystem seems pretty secure, a big part of that is app review/rejection.

    • ...it makes sense that Android is being targeted, it has the market share...

      Speaking as an Android fan, that is a cop out. Better we should fully concentrate on examining the attack vectors and closing them. IMHO, the major attack vector is Google's project governance: Android is not a faux-open project, therefore gets a tiny fraction of the peer review that is possible. Next item on the list would be: a security model designed on a whiteboard in a marketing meeting. Typical megacorp engineering approach, by the way. Third thing to regard with high suspicion: Java and anything to

    • by mjwx (966435)

      Apples iOS ecosystem seems pretty secure, a big part of that is app review/rejection.

      Which is why no IOS device has ever been Hacked, erm sorry, I mean Jailbroken.

      I'm pretty suspect of these figures, I have no doubt Android is higher due to mainly higher market share and number of devices but also due to the freedom of the Android operating system making it easier for malware writers to hide malware in dodgy app stores (Personally, I'll keep the freedom and take the risk as the risk is so low it's almo

  • by Grizzley9 (1407005) on Wednesday April 30, 2014 @06:37PM (#46884835)

    That's great in terms of dominating the market and reaping the rewards that come with it,

    Hmm, I guess you've not seen the $ that Androids competitors bring in directly and for their developers.

  • by john_uy (187459) on Wednesday April 30, 2014 @10:03PM (#46886115)

    I use Windows Phone and get 0% malware. The 1% goes to IOS.

    Windows is indeed getting better. ;)

  • by jones_supa (887896) on Thursday May 01, 2014 @02:56AM (#46887161)
    This "99%" statistic for Android comes up every now and then, and what makes up for most of it, is the hazy third-party app repositories. If you stay in the selection of Google Play, you will mostly have your ass covered.

"Hello again, Peabody here..." -- Mister Peabody

Working...