Topic: Malware
Google Provides an Update on Android Security (Mar 23, 2017)
This is a year-in-review post from the Android security team, and it’s supposed to be reassuring on the state of Android security. However, there are several fairly worrisome data points in here worth pulling out. Google says 0.71 percent of all Android devices had a “potentially harmful app” installed at the end of 2016, so almost 1% of the roughly 1.5 billion Android devices in use, which amounts to almost 11 million actual devices, and that number has risen rather than fallen in the past year. Secondly, even though Google has been working with carriers and OEMs to push security updates to devices outside the very slow OS upgrade cycle, about half of devices in use at the end of 2016 had not received a platform security update in the previous year. Given how frequently Android exploits are discovered, that’s pretty worrying. On the plus side, Google has reduced installations of malware from the store by around 50% across several categories, which is obviously good news, but the fact that it acknowledges some of the apps installed from the official store still contain malware is a sign that it isn’t doing its verification job well enough.
via Google
99% of Mobile Malware Targets Androids Because of Open Store and Infrequent OS Updates – F-Secure (Feb 15, 2017)
This data comes from the blog of F-Secure, a European cyber-security company which tracks malware. The key finding here shouldn’t be a surprise – Android sees 99% of malware activity on mobile, for three simple reasons: it has by far the largest share, its app stores are open and often weakly policed, and Android devices are often very slow to get OS updates and software patches, although it has been doing better on that last point recently. Interesting, there’s still far more malware being created for Windows PCs than Android, even though there are fewer of them, but the range of malware being created for Android is approaching that which targets PCs, even though the main focus is still trojans. All of this, of course, only serves to reinforce the narrative about Android being insecure.
via F-Secure
New exploit turns Samsung Galaxy phones into remote bugging devices – Ars Technica (Jan 25, 2017)
This is another one of those occasions where Android’s relatively open and complex structure allows for malware which couldn’t exist on iOS. In this particular case, it’s the layering of third party software (a customized version of the SwiftKey keyboard) on top of a customization of the UI and services (by Samsung) on top of the Android base layer. To be fair, this attack isn’t nearly as broad a threat as malware distributed through the Google Play Store – it requires a man in the middle attack and is therefore mostly a risk to those who might be deliberately targeted by hackers – but it’s still not good news, especially given the wide distribution of the devices in question. The complex route security patches have to take in the Android world is another element that will hamper the resolution of this issue.
via Ars Technica
Virulent Android malware returns, gets >2 million downloads on Google Play | Ars Technica (Jan 23, 2017)
Malware continues to be one of those things that essentially only affects Android in the smartphone world – iOS is for all intents and purposes immune to it because of the strong review process that all apps go through and because apps are sandboxed within the OS. The biggest single downside of Android’s relative openness is this vulnerability to malware, and that’s especially worrisome when the malware is distributed through the official Google Play Store. The numbers here are small in the grand scheme of the Android installed base of well over a billion users, but if you’re one of those two million, that doesn’t matter.
via Virulent Android malware returns, gets >2 million downloads on Google Play | Ars Technica