Android malware scare: Truth or FUD?

By Richi Jennings (@richi ) - November 21, 2011.

Android logo
Is Andoid plagued by malware? Has there really been an 'exponential' growth in Android viruses, Trojans, and other malicious apps? In IT Blogwatch, bloggers ponder the FUD.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Brains Matter: Zombies in Contemporary Culture...

    Gregg Keizer reports:

According to Juniper's research, the number of Android malware samples...[including] variant[s]...increased by 472% since July 2011. The bulk of that growth occurred in September and October. ... The prime threat remains purposefully-malicious Android apps...crafted by criminals...then planted in either Google's official Android Market or in one of the scores of alternate download sites.

...

Google doesn't control what apps can be installed on an Android mobile device, as Apple does. ... Nor does Google vet apps submitted to the Android Market. ... At least three different waves of malware...were removed by Google only after they had been downloaded by an unknown number of users. ... Far more attack apps have appeared in Chinese app stores.   
M0RE

   John Leyden adds:

Juniper...is also seeing a growth in the sophistication of [Android] malware. ... One increasingly popular tactic is establishing a backdoor...that can later be used to push secondary infectors or updates.

...

Talk of exponential malware growth is alarming...but needs to be put into context: [it] started from a low base dwarfed...by the quantity of windows malware. ... Famed researcher Charlie Miller managed to get a malicious application into Apple's App Store, so [iOS] is not immune to problems.   
M0RE

Juniper's anonymous blog-toilers blog thuswise:

So who is writing these apps? ... [T]he same actors who originally wrote malicious code for...Symbian and...Windows Mobile. They shifted to Android given it gains significant market share. ... Statistically, this amounts to month-to-month sample collections on those platforms of 6%, 4%, 1.4%, and 0.93% for August, September, October and November.

...

[Is] Apple’s iOS...more...secure than Android?  Maybe, but it’s not necessarily because of the security [of] the platforms themselves. The main reason...is because of different approaches that Apple and Google take to police their application stores. ... There is still no upfront review process in the official Android Market.   
M0RE

But Brad Hutchings pours scorn on the premise:

Apple has pretty much been conducting security theater with its heavily curated approach.

...

[On] the continuum from wide open desktop execution to...the iOS execution model...running Java byte code in Dalvik is 98+% toward the latter.

...

Apple seem[s] to be guided by “keeping its 30%” rather than actually making...products that suited most segments of the market. ... The latest evidence, BTW, is the success of Financial Times’ HTML delivery for its content.   
M0RE

  Meanwhile, your humble blogwatcher destroys the idea:

"472% increase." ... Can that really be true?

...

The vast majority of these malicious apps can be found at the...[same] shady locations...where we saw previous infestations of Symbian and Windows Mobile malware. Back in the day, these also caused...concern. However, those worries were full of sound and fury, signifying nothing.

...

Android users are [not] four or five times more likely to infect their phones than they were a few months ago. ... [They don't] seek out apps from shady, no-name app stores. Neither do they delve into scarily-named settings menus, uncheck the box that restricts their phone to the Android Market, and ignore the dire warning.

...

Basically, this statistic is, if not a damn lie, then at least extremely carefully worded to imply that the Android Market is riddled with malware, while not actually saying so. ... It's just the latest scare by an Android AV vendor. ... Don't be fooled.   
M0RE

   And Finally...
A Brief History of the Modern Zombie: Revolutionizing Resurrection in the Empirical Age
  
 
Don't miss out on IT Blogwatch:

Richi Jennings, your humble blogwatcher

Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. He's the creator and main author of Computerworld's IT Blogwatch -- for which he has won American Society of Business Publication Editors and Jesse H. Neal awards on behalf of Computerworld. He also writes The Long View for IDG Enterprise. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: itbw@richij.com. You can also read Richi's full profile and disclosure of his industry affiliations.

Copyright © 2011 IDG Communications, Inc.

  
Shop Tech Products at Amazon