Despite Google tightening Android’s security screw, by introducing an additional layer of security to the Play Store earlier this year to scan for malicious code (and its September acquisition of online virus and malware scanner VirusTotal), Android’s malware problem has surged in the third quarter. Security firm F-Secure’s latest mobile threat report (for Q3) reports “a whopping 51,447 unique samples” detected in the third quater, up from 5,033 in Q2 and 3,063 in Q1.
The following graph from the F-Secure report illustrates the surge in detected malware on the Android platform
With Android now accounting for 75 percent of total smartphone shipments globally it seems inevitable that Google’s OS is the number one target for mobile malware. And indeed F-Secure notes the malware surge may be “a natural consequence of continued high growth”. It believes Android’s growth — especially in regions such as China and Russia with “less secure” third party app markets — is a more likely explanation for the malware surge than malware makers finding a way to circumvent Google’s Play Store scanning system
The surge may better be attributed as a natural consequence of the continued high growth in Android smartphone adoption this quarter, particularly in regions such as China and Russia. In fact, in Q2, China officially surpassed the United States as the largest market for smartphones, with Android handsets accounting 81% of that market.
These expanding markets have also been notable for the proliferation of less-secure third-party apps markets, which are popular with users for various reasons. This factor may also account for the increasing number of malicious samples seen this quarter.
The majority of the new Android malware detected by F-Secure in Q3 are designed to “generate profit from SMS sending activities or by harvesting information found on the infected device”, it notes — whereas earlier this year driveby malware was the most prolific.
We’ve reached out to Google for comment and will update this story with any response.
Commenting on Android’s security situation last month, a Google spokesman told me: “We are committed to providing a secure experience for consumers in Google Play.”
Mountain View claims its data on Android malware shows a 40 percent decrease in “the number of potentially-malicious downloads from Google Play” between the first and second halves of 2011.
Google takes various measured to tackle malware. Earlier this year, when it introduced its app store scanning system — codenamed Bouncer — Hiroshi Lockheimer, VP of Engineering, Android explained how it worked in a blog post
The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back.
In addition to scanning for malicious code, Google’s security approach includes Content policies that Android developers must adhere to — also tightened up this summer — along with what it describes as “a multi-layered security model based on user permissions and application sandboxing”. Any apps that violate Google policies are pulled from Google Play — but of course that does not stop them being offered on third party app markets.
F-Secure notes that the release of Android 4.1 Jelly Bean included “a number of exploit mitigation features as part of an ongoing effort to improve security on the platform” (Engadget reported Jelly Bean adoption had reached 1.2 percent of Android phones and tablets as of September).
The Android malware identified by F-Secure is not broken down by app store source — so it’s not possible to determine what proportion comes from the Google Play store. “We can’t produce stats on the amount of malware from Google Play vs elsewhere as most of our samples come via anonymized sources,” Mikko Hypponen, F-Secure’s chief research officer, told TechCrunch.
Comment