Lookout Security rebuts rival's Android malware claims
Symantec sees malicious behavior, but Lookout credits ad network supporting free Android apps
Computerworld - Researchers from Lookout Security disagreed with rival Symantec that 13 apps on the Android Market were malicious, instead saying that they showed the same behaviors as other ad-supported apps.
Earlier today, Symantec's Kevin Haley, a director with the company's security response team, said that 13 apps, some available in Google's official download store for at least a month, were created to distribute "Android.Counterclank," a Trojan that, among other things, modifies the browser's home page and bookmarks, and inserts a search icon that some users have said is impossible to delete.
Symantec estimated the number of downloads of the 13 apps at between 1 and 5 millions, prompting it to call the campaign the largest Android malware outbreak ever.
Lookout researchers disagreed.
"This is pretty clearly an ad[vertising] network that's similar to other ad networks," said Tim Wyatt, a principal engineer with Lookout, which markets a popular Android-specific security app.
Wyatt declined to identify the network he said was being used by the 13 apps -- which originate from three different publishers -- and that requests the permissions and exhibits the behavior Symantec dubbed malicious.
"This ad network does have the capability to enter bookmarks in your browser, which is different from other ad networks," Wyatt continued. "But a lot of its functionality is being embedded in other apps. Part of the business model of the company that owns the ad network is to add search conducted from apps."
Wyatt wasn't ready to call the apps' bookmark modifications over-the-line conduct, however, saying that Lookout is still investigating the 13 apps, as well as others that relied on different advertising networks for generating revenue for their free programs.
"I can tell you that this code [seen in the 13 apps] is not the only code for doing things like this," said Wyatt. "There are 10-plus ad networks that we track that have the same functionality."
Wyatt said that Symantec had "significantly overblown" the story by labeling the apps as Trojan-infected, and added that its rival had been "a bit premature" in coming to its conclusions.
Symantec did not respond to a request for comment on Lookout's assertions.
The debate over what is and what is not malware on Android is reminiscent of the argument years ago between security companies and developers over the term "adware," a software category that the former believed malicious enough to detect and delete, and that the latter saw as relatively harmless.
The dispute over adware -- and to a much lesser extent over the label "spyware" -- eventually led to several court cases. Currently, most security software detects adware as malicious or unwanted.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts