Report: Android Has Become the Ultimate Malware Platform

[Guest]

Security software company AVG recently released its second quarter threat report. Besides the usual updates on desktop-focused malware, rootkits and malicious websites, AVG has spent time on analyzing the evolving threat landscape for mobile devices.

Report: Android Has Become the Ultimate Malware Platform : Read more

 

[mihaimm]

I know I paid about 12$ for SMS I haven't sent... After I re-rooted the device, the problem stopped. So... I'm guessing this is true... sad.

 

[Guest]

Nice Headline, becoming a target = Ultimate target? LMOA! REALLY?!?!?! I noticed that they referenced Mobil Devices 99% of the time and mentioned Adroid 1 time. Let me guess, you typed this on a Mac Book Pro.....

 

[aracheb]

[citation][nom]uncle_bob[/nom]Nice Headline, becoming a target = Ultimate target? LMOA! REALLY?!?!?! I noticed that they referenced Mobil Devices 99% of the time and mentioned Adroid 1 time. Let me guess, you typed this on a Mac Book Pro.....[/citation]
is gruener, so everything that is bad and is android is the ultimate malicious evil.
if is bad and is apple, is just a necessary evil.

This guy should get fired for giving one side history all the time..

 

[A Bad Day]

One of my friends who had an Android thought that security problems only existed with PCs.

I pity her.

 

[schnitter]

This is expected of a rapidly growing platform that is 100% open.

 

[Guest]

The big problem is that their is not enough education with mobile users about the potential for malware to get on these mobile devices. Google and its Android store is more reactive then proactive to malware in apps. I think too that even Apple which touted for years its Mac's were immune are basically doing the same thing to IOS devices.

 

[Netherscourge]

Microsoft is so happy about this - Windows is now in 2nd place in the Malware-Infected Platform race.

 

[syrious1]

[citation][nom]Netherscourge[/nom]Microsoft is so happy about this - Windows is now in 2nd place in the Malware-Infected Platform race.[/citation]

When did you see a win7/7.5 get infected? I must have missed that.

 

[Guest]

I'm curious because I'm considering switching to the Android plateform, but is the Market (Play) infested or is it primarily when someone install software form other stores ? Are the applications available in the Market checked (I'm guessing to a certain extent) ? I know that the AppStore also has infested apps, but I already know that 'universe', which is securing to me !

 

[pjmelect]

When did you see a win7/7.5 get infected? I must have missed that.

Unfortunately I see this all the time, although Windows 7 is much less likely to get a virus infection than Windows XP Windows 7 still gets infections particularly with naive users.

 

[antilycus]

$ 35/month unlimited data, voice, text for android (boost mobile, contractless phone using sprint's network)

$100ish a month for limited data, unlimited voice and text for Apple

$65 /month saved x 12 months (1 year) = $780 more in my pocket a year than iPhone users....

I deal with the malware if I ever actually get any.

 

[house70]

Typical PEBKAC... or should I say PEBPAC.
Quit installing pr0n apps and you should be fine.
If you don't know what a permission is, don't allow it.
If you don't know what to do with your rooted phone, don't root it. By default Android has all the checkpoints in place (no debugging, no unknown sources, etc), but it allows one to remove them IF they think they know what they're doing.
Anyone can write apps for Android, just like in desktop world, it's the user responsibility to KNOW what they're downloading and installing on their system.
If you're not capable to use common sense and a gram of brain power while using your phone, just go back to the walled garden of iOS, let Apple do the thinking for you and don't install anything that doesn't come straight from them. Oh, and don't think of jailbreaking that, either, or you'll end up in the same spot. Of course, you could have achieved the same leaving that Android phone alone instead of screwing with features you don't understand, but again, you can't use common sense....

 

[jojesa]

I have 4 android devices at home no malware.
I have been installing Avast! or F-Secure on family, friends and colleagues and have not found one single piece of malware on android devices yet.

But in the last 3 months I have removed viruses from 17 Windows PCs (6 Win Vista and 11 Win 7).
How come Windows is down to #2? I doubt those results.
What I found is that some unscrupulous companies (e.g. Thumbplay Ringtones, LLC) that sign users to their services just by clicking on some ads or replying to a survey text message.
This is how they get you
You receive a text message (SMS) from a number you don’t know, or an ad offering you a very cheap or even ‘free’ ring tone.
The message or ad doesn’t include the terms or conditions of the offer.
The message doesn’t mention the cost of the first ring tone or any ongoing costs.
It is not clear how you can stop receiving ring tones.
The message does not mention the name of the company offering the ring tone.
The number you are asked to reply to begins with 19 (these messages are charged at a premium rate).

 

[scythe944]

Thank god for avast mobile!

 

[house70]

[citation][nom]freespeech1981[/nom]I'm curious because I'm considering switching to the Android plateform, but is the Market (Play) infested or is it primarily when someone install software form other stores ? Are the applications available in the Market checked (I'm guessing to a certain extent) ? I know that the AppStore also has infested apps, but I already know that 'universe', which is securing to me ![/citation]
That sense of false security is more dangerous, because people just assume that everything that comes through Apple's pipeline must be safe. Wrong. I'd rather know about the permissions that any app requires before it gets installed and if I see something fishy I don't install it.
Google Play (former Android Market) has about the same level of safety as any other Marketplace for apps. There is also SlideMe and Amazon Appstore, both pretty safe as well. You can choose to play it safe and keep the phone unrooted, USB debugging disabled and Unknown Sources unchecked for a while (or forever, up to you) until you get more comfortable with the OS.
Remember, just like that say "guns don't kill people, people kill people", you can apply that to cellphones as well: cellphones don't get infected by themselves, users infect them by their actions.

 

[wildkitten]

[citation][nom]jojesa[/nom]I have 4 android devices at home no malware.I have been installing Avast! or F-Secure on family, friends and colleagues and have not found one single piece of malware on android devices yet.But in the last 3 months I have removed viruses from 17 Windows PCs (6 Win Vista and 11 Win 7).How come Windows is down to #2? I doubt those results.What I found is that some unscrupulous companies (e.g. Thumbplay Ringtones, LLC) that sign users to their services just by clicking on some ads or replying to a survey text message.This is how they get youYou receive a text message (SMS) from a number you don’t know, or an ad offering you a very cheap or even ‘free’ ring tone. The message or ad doesn’t include the terms or conditions of the offer.The message doesn’t mention the cost of the first ring tone or any ongoing costs.It is not clear how you can stop receiving ring tones.The message does not mention the name of the company offering the ring tone.The number you are asked to reply to begins with 19 (these messages are charged at a premium rate).[/citation]
I think the point is that the potential is there for malware writers to make money off this, a lot more money, and because so much can be done that a lot of people won't consider immediately as suspicious activity that there is a bigger threat.

One thing Linux fans can no longer say is Linux can't get malware.

 

[tntom]

@ freespeech
You are correct in that their is malware in Google's Play Store just a little more than Apple's AppStore. If you stick with apps with high downloads, high ratings, good developer app description,good grammar/translation, and an update history, you should have no problem. Leave your Android set to not install non-Play Store apps. And just as on any platform don't install apps of skimpily dressed woman (bait-ware). Most malware comes from downloading from websites outside of the Play Store that offer alternatives of legitimate apps for free.

Notice AVG said "Their malware, often attached to popular and seemingly non-suspicious applications in slightly altered packages" What is not said is these are usually popular programs that have been hacked, modified and uploaded to sites outside of the Play Store. These alternative stores instruct you to disable 'install software only from Google Play' setting.

Wolfgang in the past has usually done better reporting than this. But this comes off as fear mongering.

 

[house70]

"Android is apparently prime target for rooting a mobile device. "
What? Sense? Does? That? Make? You talk about rooting achieved via this malware? That would be great, if it were possible, because would eliminate the need for custom recoveries, unlocked bootloaders and rooted ROMs/kernels to achieve that. A simple SMS-based code would be enough, a Nirvana for developers....
Welcome back, Gruener. Articles where you don't understand what you're talking about are your specialty, indeed. From "becoming a target for hackers" to "ultimate malware platform" was only a step that Gruener could take (it requires us, the readers of the article, a lot more than that, as Android is only mentioned about 3 times and mostly AVG addresses mobile platforms overall).

 

[headscratcher]

Anything from Google IS malware

 

[kronos_cornelius]

If you stick with reputable markets and don't install apk out from the Internet you should be fine. These things happen because people take the safety components off their phone like "allow installing third party app" and such and then get scared for the consequences.

If you like to tinker with your phone, have one to play with (root... etc) and have another phone that you use for your personal accounts and payment information. The problem starts when you root your main phone and install apps without concern for what permissions they ask for or where the apps come from.

 

[belardo]

After reading this article, I DL and installed Avast on my 2 year old Android. No viruses in any apps.
It showed about 18 apps that have access to my location - some of this info is important for certain apps to work right (GPS / weather). A few games like Angry birds - which relies on ADS to know what state or city I am in.

When I install any APP, I try to see if its legit as possible. Feedback from others, etc. I have NOT DL some apps after looking at the info and what they want access too. Its not hard.

People who infect their phones with porn apps or the same ones who do it to their desktops.

 

[sundragon]

[citation][nom]house70[/nom]Typical PEBKAC... or should I say PEBPAC.Quit installing pr0n apps and you should be fine.If you don't know what a permission is, don't allow it.If you don't know what to do with your rooted phone, don't root it. By default Android has all the checkpoints in place (no debugging, no unknown sources, etc), but it allows one to remove them IF they think they know what they're doing.Anyone can write apps for Android, just like in desktop world, it's the user responsibility to KNOW what they're downloading and installing on their system.If you're not capable to use common sense and a gram of brain power while using your phone, just go back to the walled garden of iOS, let Apple do the thinking for you and don't install anything that doesn't come straight from them. Oh, and don't think of jailbreaking that, either, or you'll end up in the same spot. Of course, you could have achieved the same leaving that Android phone alone instead of screwing with features you don't understand, but again, you can't use common sense....[/citation]

Android lovers: Thou dost protest too much!

AVG isn't making up the numbers, it's a negative consequence that comes from the freedom of having an open system. Google needs to police their store better.

Making PEBKAC jokes makes you sound like a tool with iDevice envy. Users aren't going to transform into 14 year old IT geeks - Remember most of the population isn't Tech savy and they don't know better.

The Android Store needs to be more secure - which is ultimately Google's responsibility. Otherwise, it's gonna turn everyone's Android phone into a Windows machine that requires AV software and anti-Malware just to make phone call...

The more stuff like this happens the less likely lay people are going to invest in Android platforms for fear of getting a virus.

Not acceptable.

 

[apone]

@ sundragon

Making PEBKAC jokes makes you sound like a tool with iDevice envy. Users aren't going to transform into 14 year old IT geeks - Remember most of the population isn't Tech savy and they don't know better.

If you truly understood house70's post, you would understand the big picture is to apply simple common sense which does not require the user to turn into a 14-year old IT geek. Yeah I get it, not everyone is tech savvy and no one is saying you have to become one.

Oh and just to clarify, yeah us Android/PC people aren't really envious we didn't shell out a ridiculous amount of cash for an iProduct just so we can feel socially accepted among our peers.

 

[dalethepcman]

This article is an opinion piece about a report, of which the author doesn't quote anything relevent from. Honestly, I don't know how you haven't had a lawsuit filed against you for slander.

Quotes from the AVG source link

"AVG has seen continued focus on the Android platform for smartphones, which is now the leading operating system for devices with 59 percent market share... The malware is spread over the third party application market (and not the official Google Play) in China."

"a Trojan-infected version of the hugely popular Android application 'Angry Birds Space' which was uploaded to unofficial Android application stores."

As for all the people commenting about how android is so insecure. Don't believe everything you read, and check your sources.