Android Intelligence Analysis

The Android malware monster will never die

But here's the dirty little secret security software vendors don't want you to know: There's really no reason to be scared.

BREAKING NEWS, gang! The abominable Android malware monster has been spotted roaming the wild, wild Web once again -- lurking in dark corners and jumping out to shout "BOO!" at anyone who looks his way.

You remember this lumbering loon, don't you? He's the goofy fear-monger that shows up on these here Webs of Inter once every month or so. And no matter how many times we wave him away, he just keeps coming back -- somehow even more desperate to get our attention each and every time.

The Android malware monster's latest scare campaign, if you haven't heard, revolves around a super spooky-sounding Big, Bad Virus™ called "Android.Lockdroid.E." The enemy apparently entices unsuspecting victims by disguising itself as an app called "Porn O' Mania" (yes, really! -- and here I thought that was just an affectionate nickname for my teenage years).

For more, let's turn to the dramatic language experts at Symantec, who "discovered" this menacing beast and did us all the public service of making it sound as threatening as humanly possible:

Symantec has found an Android ransomware variant (Android.Lockdroid.E) that uses new tactics, involving a fake package installation, to trick users into giving the malware device administrator rights. As well as encrypting files found on the compromised device, if administrator rights are obtained, the malware can lock the device, change the device PIN, and even delete all user data through a factory reset.

HOLY HELLFIRE, HARRY! I think I voided my warranty just by reading that.

If you don't want to coddle your phone in blankets and head underground to the nearest bunker yet, hang on: The Symantec do-gooders have plenty more panic-inducing info to share about this terrible, horrible, no good, very bad demon.

A blog posted on Symantec's site and repeated with hair-raising headlines by various news organizations (including, yes, this one) goes into great detail about how "Android.Lockdroid.E" can get around Android's security systems and perform all sorts of "aggressive extortion" -- aggressive extortion! -- to take over your device. Heck, if you aren't careful, it might even eat all your candy and swap out your Dr. Pepper for Mr. Pibb (THE HORROR!).

Our Symantec pals wax poetic for a whopping 750 words before mentioning a teensy, weensy asterisk to all of this (emphasis mine):

The malicious app is not found on Google Play and may be downloaded from third-party app stores, forums, or torrent sites. Users who have Google Play installed are protected from this app by Verify Apps even when downloading it outside of Google Play.

Oh yeah -- and on top of that, security measures implemented in Android 5.0 also directly prevent the app from doing anything dangerous.

In other words, it is a Big, Bad Virus™ that is going to ruin your device and destroy your life -- unless, you know, you have pretty much any reputable Android phone in a country where Google operates, in which case Google's security systems will keep the thing from doing any harm. Oh, and you won't find it in the Play Store, either; you'll have to go out of your way to dig it up in some shady porn forum and then download and install it from there (but it almost certainly still won't damage your phone even if you do).

So to translate, this thing is a threat to practically no one. But -- don't forget! -- you should probably install Symantec's awesome virus scanning software and fork over 30 bucks a year so it can keep you safe. That's what the company's oh-so-helpful blog recommends, of course.

This, my friends, is precisely why you should never take Android malware scares at face value. It's the same silly sort of scare tactic we've been seeing for years with Android, and these days, it's sillier than ever.

Remember: Android now has its own built-in multilayered security system. The operating system actively scans your device for threats on several levels, both on the server side at the Play Store and on your phone as new apps arrive (from any source) and continuing over time. The software automatically monitors for signs of SMS-based scams, too, and the Chrome for Android browser keeps an eye out for Web-based threats as well.

Factor in the fact that Google also provides a native cross-platform system for remotely tracking, pinging, and erasing lost devices -- and there's really very little reason for anyone to install a third-party "security suite" like Symantec's. (Exception: if you just enjoy throwing money into the breeze and having an app eat up your system's resources for no apparent reason.)

The antivirus software manufacturers know this -- and that's why they work tirelessly to spread the legend of the Android malware monster and the fear that accompanies it. Think about it: It's no small coincidence that nearly every Android malware scare is propagated by a company that makes its money selling anti-malware software for your phone.

So the next time you see a scary headline about some new Big, Bad Virus™ on the brink of blowing up your Android phone, ask yourself the following questions:

  • Who's behind the "research" driving this story, and what is their motivation?
  • Is this threat related to something I'm likely to download and install, or does it revolve around some weird random app no normal person would ever encounter?
  • On the off-chance that I did somehow install the trigger, would my phone automatically protect me from anything harmful?
  • Has any normal user actually been affected by this in the real world?

Once you start looking at these things critically, it doesn't take long to realize that the threats are almost always purely hypothetical -- and the chances of an actual infection for a typical user in the real world are generally next to none. (For a broader perspective, ask yourself this: How many times have you heard about any actual person catching any virus on his or her phone?)

If you really want to make sure your device is safe, take a few minutes to perform a personal Android security audit. You'll find that most everything you need to keep the Android malware monster at bay is already in your hands.

The Android malware monster will never die, folks -- the anti-malware software peddlers will make damn good sure of that -- but when it comes to neutralizing his scary growls, knowledge and logic are the most effective weapons of all.
