A study released by Juniper, a network security firm, found that more than 250 thousands of mobile applications are in fact “malicious”. These apps trigger SMS trojans, exploit security flaws, build botnets, and steal private data. The vast majority is Android apps, and over five hundred Android app stores are known to be hosting malware.
“We anticipate that similar to the evolution of PC-based threats, mobile attacks will continue to increase and become more sophisticated in the coming years,” said Troy Vennon, the director of Juniper’s mobile threat center.
For its Mobile Threats Report, Juniper analyzed nearly two million apps for malware and vulnerabilities. The report stated that mobile malware is exploding – up over five hundred percent in the past year – across all platforms, but that the real challenge is Android.
Unlike other platforms, Android allows its users to download apps from hundreds of app stores, many of which offer little or no oversight. Furthermore, as the Android ecosystem fragments, more and more users are using older, more vulnerable versions of the OS and more Android apps ask for private data. This combination of easy distribution channels, users with less secure versions of the OS, and increased acceptance of requests for private data makes Android a tempting target for mobile malware developers.
Malicious apps can earn a lot of money for their authors. According to Juniper’s report, nearly three fourths of all known malware apps are FakeInstallers or SMS Trojans. These masquerade as legitimate apps, but have in fact been “infected” with malicious code. Once installed, they send SMS messages to premium-rate numbers, earning an average of $10 for their developers.
Another reason why Android is such a major target is its success. Android accounts for some 70 percent of the smartphone market, with over nearly a billion active users. Apple’s iOS platform, by comparison, has a “mere” 575 million active users, and it is more difficult to access thanks to Apple’s tight control over its app store.
So where can Android apps be downloaded safely? Google Play is a good choice, as are other well-known app stores such as Amazon’s. The problem is with the nearly 500 obscure stores known to distribute malware. Russia and China are leaders in the number of such stores.
Despite the alarming numbers, it is worth to keep a few things in mind when considering this study and others like it. Juniper is in the mobile security business, and the mobile security business thrives when people are worried about mobile security. This is not to imply that Juniper is falsifying data, but the definition of “malware” can vary from one study to the next. For example, Juniper includes apps that push the boundaries of privacy – ones that track your location via GPS, for example – that not everybody would consider malware. Juniper did not say how many of the all “malicious” apps were of this sort.
Taking into account everything mentioned above, we can say with certainty that basic rules of mobile security are obligatory to follow. First of all, don’t install any app or program without its careful consideration. Take a look at the reviews left by current users and pay attention at permissions requested. If such permissions seem to be suspicious and asking for the unnecessary access to your private data, avoid the installation of that program. It is also important to update your Android: Juniper states that Android 4.2 is better in terms of security as it allows you to receive the notifications about sending SMSs to premium services. Such messages are the most widespread among malware apps.
Author Bio: Linda Waters, who writes about data security, works at the field of mobile monitoring at mspy.com and loves to be in the know of the newest mobile trends and launches.