The popularity of Google’s Android platform has allowed the company originally known for its search engine prowess to become a giant in the mobile industry. Android’s status as the most widely used mobile OS is certainly great news for Google, but it has also brought with it plenty of unwanted attention from unsavory sources. More specifically, cybercriminals have entered the practice of developing malicious apps and sneaking them into the app marketplace to place unsuspecting victims into their web.
Security firm Juniper Networks recently released statistics that put the malicious Android app problem on display. While many apps provide extended functionality to Android owners via entertainment, productivity, and more, Juniper reported that the known instances of Android-based malware have skyrocketed on a monthly basis. Virtually all the instances were tied to malicious apps, and the number of detections has grown from 400 in June of last year to a whopping 15,507 in February of this year. Hundreds of thousands of smartphones and other Android devices have been infected so far, and while Google claims they are doing their best to prevent the problem, many believe the worst is yet to come. Dan Hoffman, head of Juniper’s mobile research center, said: “I see the problem getting significantly worse before it gets better. We're very much in the infancy of this right now.”
As mentioned, apps allow users to enhance their phones that already come packed with technology that is becoming even more innovative at an astonishing rate. Games, news, music, videos, productivity, and financial information are just a few genres of apps that have attracted consumers to the smartphone craze. In fact, it could be said that apps themselves have driven smartphone adoption, as consumers upgrade their handsets to be able to enjoy the wealth of functionality they offer. Unfortunately, many security researchers feel that the popularity of apps has been successful in creating a fertile breeding ground for cybercriminals looking to reach the masses, and Google’s platform appears to be the top target. Google is not alone in its target status, as Apple’s iOS is also at risk, but experts claim Apple’s App Store offers better overall security for its users.
Lookout Mobile Security’s estimate that 500,000 to one million people had been affected by Android malware in the first half of 2011 backs up Juniper’s statistics of Google’s current app dilemma. As for the major source of the problem, some experts point to third-party app markets based in countries other than the United States. Many of these makeshift markets have been designed to look like the former Android Market (now Google Play) to entice customers through added peace of mind. While based abroad, Lookout Mobile says the foreign app markets are affecting U.S. consumers, and the probability of downloading a malicious Android app in the U.S. has doubled since its report was released.
The Android app problem cannot be attributed entirely to foreign markets, however. Trend Micro reported that of the 1,000 malicious Android apps it detected last year, 90 percent existed on Google’s official site. With a catalog of hundreds of thousands of apps and counting, it’s easy to see how phony apps can sneak through the cracks. Trend Micro also noted that malicious app detections increased at a rate of 60 percent per month in 2011. The company estimates this year’s total to surpass the 120,000 mark. Jon Clay, a security technology expert with Trend Micro, said: “There's definitely a worry out there. The bad guys have found a new environment to gain revenue, so they are going to start exploiting it more and more.”
Google’s response to Android malware was recently released in the form of its Bouncer feature. Described as a system to screen for malicious apps, Google claims that Bouncer has successfully decreased the number of potentially malicious downloads from its site by 40 percent. Still, a recent blog from security firm Kaspersky Labs noted that since apps can be designed to appear legitimate and free of threats, Bouncer only offers partial protection and is not a foolproof solution. Xuxian Jiang, a professor at North Carolina State University, said he detected an instance of a malicious app that bypassed Google’s screening thanks to its benign appearance after it is installed on a device. Once the app passes the initial security screen, it can then proceed to download malware from a remote server.
Malicious apps can produce some nasty side effects once they reach a user’s mobile device. They can steal online banking credentials, call phone numbers to rack up fees on user credit cards, and even track a user’s location. To counter such threats, experts recommend installing trusted security software on your mobile device. Also, you should only download apps from official sites, such as Google Play or Apple’s App Store and read reviews prior to downloading.