The Android Tax? Android malware up 472% since July

[*LTD*]

http://www.readwriteweb.com/archives/android_malware_up_472_since_july_juniper_says_inf.php

http://news.cnet.com/8301-1009_3-57325774-83/android-leads-the-way-in-mobile-malware/

Android Malware Up 472% Since July

Looking back at 2011, we could call it subtitle it as The Year Of Android Malware. It started with DroidDream and reports have been issued all year that have shown exponential growth in Android malware. It is not getting any better. If Juniper's research can be believed, it is getting much worse.

Juniper says there has been a 472% rise in Android malware samples since July 2011. Juniper says that almost all of the Android malware contains code for root access that will force the device to communicate with a command-and-control server and download additional instructions. 55% of Android malware acts as spyware and the rise of "SMS Trojans" has become a significant problem.

Recent Jump In Android Malware

Juniper notes that Android's open market structure, where almost any developer can pay $25 for developer access that can be anonymized, is the primary culprit for the rise of Android malware. Juniper notes that iOS may or may not be any safer but that Apple makes it safer by requiring code signatures and pre-screening all apps. Smart Android publishers put code signatures into their apps because they know that the security applications have the capability of white and black listing certain signatures and that helps them keep their app out of the malware repository that security apps scan for.

October and November have seen the highest growth rates for Android malware samples since the rise of the platform, according to Juniper. The number of samples grew 28% in September, October had a 110% increase over September and a 171% increase from July 2011.

Spyware with root access is the main threat from malicious Android applications. Juniper notes that the vulnerability to root access from malicious apps is prevalent in 90% of Android devices in the consumer market. Outside of spyware, the SMS Trojan makes up 44% of Android malware. Juniper published another post today showing that much of the SMS Trojan activity is coming out of Russia.

SMS Trojans work by getting users to click on text messages or links in emails that will prompt them to pay for an app through premium text messages. These are often from pirated of cracked apps. The problem is that users end up paying for free apps, like Opera Mini for Android, or developers do not get paid for their premium apps.

------------------------------------------------------------

This is the price you pay for horizontal business models - that is, business models based on universally licensing operating systems to OEMs. In this case, virtually any OEM that can slam together a phone, especially since the OS is free.

Yes, you have "choice", an open platform, and vast market share to support it. But it comes at a price. User Experience being the obvious one that comes to mind. Horizontal business models simply don't play well in that area - they can't by default, because the OS provider loses control of their product at a key stage, and it's shuffled off to OEMs to do with as they wish. It sure works for padding market share numbers and playing in lower-income/developing markets, but there's a lot of corner-cutting going on, and the competitor that does a vertical business model right will end up (and is) dominating in consumer satisfaction.

All you need to look at is motivation. Google is in the smartphone market to peddle ads via a smartphone as a vehicle or shell. While Apple, for example, is focused (almost obsessively) on providing the best User Experience possible. The very way the two companies think about the segment is like night and day. Their whole starting points are poles apart.

Malware is the other price the user pays. Note that most of the free antivirus apps for Android are virtually useless:

http://www.neowin.net/news/free-android-anti-virus-products-virtually-useless

HTC, Motorola, Samsung . . . they're all a part of the experience once the device gets into the user's hands. There's no getting around that.

The User Experience process doesn't end when the OS or code is released. It's an entire process, from cradle to grave. Google simply has a fundamental disrespect for what they produce. A great OS that is universally licensed . . . is a contradiction in terms.

If you're the type that's sick of PC malware, then you'll see it duplicated within a different form factor when it comes to horizontal business models in other market segments that feature online access, no matter who is doing it, be it Google or anyone else.

 

[entatlrg]

Excellent post, well said.

 

[neiltc13]

I'm confused. The article you quoted is about malware, but your comment below it is something to do with licensing, choice, mobile ads and user experience and your title is something to do with taxes.

 

[mkrishnan]

I'm confused. The article you quoted is about malware, but your comment below it is something to do with licensing, choice, mobile ads and user experience and your title is something to do with taxes.

There are some limitations to the argument. One could ask why malware is still not a significant issue in the hyper-fragmented Linux market, for instance. My thought is that Android having malware/virus problems is in part related to its slow and seemingly inevitable assumption of status as numerically dominant smartphone / device platform (becoming the Windows of phones). It's just the big target.

 

[*LTD*]

There are some limitations to the argument. One could ask why malware is still not a significant issue in the hyper-fragmented Linux market, for instance. My thought is that Android having malware/virus problems is in part related to its slow and seemingly inevitable assumption of status as numerically dominant smartphone / device platform (becoming the Windows of phones). It's just the big target.

And there's no control, no real vetting or review process, which is one of the obvious causes.

http://news.cnet.com/8301-1009_3-57325774-83/android-leads-the-way-in-mobile-malware/

"The main reason for the malware epidemic on Android is because of different approaches that Apple and Google take to police their application stores," the Juniper blog notes. "Android's open applications store model, which lacks the code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware. There is still no upfront review process in the official Android Market that offers even the hint of a challenge to malware writers that their investment in coding malware will be for naught."

It's all part of the "Open" philosophy.

 

[Rodimus Prime]

I'm confused. The article you quoted is about malware, but your comment below it is something to do with licensing, choice, mobile ads and user experience and your title is something to do with taxes.

Just accept it as standard *LTD* FUD.

I question if he has any understanding of 1/2 the stuff he post and instead just going off ranting how *Something not Apple* sucks or the other Apple *blank* rules.

There are some limitations to the argument. One could ask why malware is still not a significant issue in the hyper-fragmented Linux market, for instance. My thought is that Android having malware/virus problems is in part related to its slow and seemingly inevitable assumption of status as numerically dominant smartphone / device platform (becoming the Windows of phones). It's just the big target.

What the article does not go threw the touble of point out is a very little of the malware for Android is in the market. Vast majority of it is from 3rd party app stores or downloaded from web sites. Translation most of it is side loaded and completely outside Google control.
But that little fact complete undermines LTD and the articles FUD so it does get left out.

Standard rules apply to anything you put on your phone. That is if it comes from a questionable source or is a ware you get what you are asking for by being stupid.

 

[ChazUK]

And there's no control, no real vetting or review process, which is one of the obvious causes.

When it comes to apps, I myself am the vetting process checking out app permissions upon installation, reading reviews and installing applications from trusted developers.

That kind of mentality has kept me safe from malware on Windows and OS X (no iWork pirated malware for me!).

The recent hiccup with the malware proof of concept on the App Store and a lack of any real way of telling which permissions iOS apps have access to takes an element of personal control away from me and leaves me a little blind to what I'm installing.

Apple's way isn't for everyone. The micro-managing I do may not be for you but I prefer to keep myself in control when something has access to my own and friends personal data on my phone.

 

[aerok]

http://www.readwriteweb.com/archives/android_malware_up_472_since_july_juniper_says_inf.php

http://news.cnet.com/8301-1009_3-57325774-83/android-leads-the-way-in-mobile-malware/

Android Malware Up 472% Since July

Looking back at 2011, we could call it subtitle it as The Year Of Android Malware. It started with DroidDream and reports have been issued all year that have shown exponential growth in Android malware. It is not getting any better. If Juniper's research can be believed, it is getting much worse.

Juniper says there has been a 472% rise in Android malware samples since July 2011. Juniper says that almost all of the Android malware contains code for root access that will force the device to communicate with a command-and-control server and download additional instructions. 55% of Android malware acts as spyware and the rise of "SMS Trojans" has become a significant problem.

Recent Jump In Android Malware

Juniper notes that Android's open market structure, where almost any developer can pay $25 for developer access that can be anonymized, is the primary culprit for the rise of Android malware. Juniper notes that iOS may or may not be any safer but that Apple makes it safer by requiring code signatures and pre-screening all apps. Smart Android publishers put code signatures into their apps because they know that the security applications have the capability of white and black listing certain signatures and that helps them keep their app out of the malware repository that security apps scan for.

October and November have seen the highest growth rates for Android malware samples since the rise of the platform, according to Juniper. The number of samples grew 28% in September, October had a 110% increase over September and a 171% increase from July 2011.

Spyware with root access is the main threat from malicious Android applications. Juniper notes that the vulnerability to root access from malicious apps is prevalent in 90% of Android devices in the consumer market. Outside of spyware, the SMS Trojan makes up 44% of Android malware. Juniper published another post today showing that much of the SMS Trojan activity is coming out of Russia.

SMS Trojans work by getting users to click on text messages or links in emails that will prompt them to pay for an app through premium text messages. These are often from pirated of cracked apps. The problem is that users end up paying for free apps, like Opera Mini for Android, or developers do not get paid for their premium apps.

------------------------------------------------------------

This is the price you pay for horizontal business models - that is, business models based on universally licensing operating systems to OEMs. In this case, virtually any OEM that can slam together a phone, especially since the OS is free.

Yes, you have "choice", an open platform, and vast market share to support it. But it comes at a price. User Experience being the obvious one that comes to mind. Horizontal business models simply don't play well in that area - they can't by default, because the OS provider loses control of their product at a key stage, and it's shuffled off to OEMs to do with as they wish. It sure works for padding market share numbers and playing in lower-income/developing markets, but there's a lot of corner-cutting going on, and the competitor that does a vertical business model right will end up (and is) dominating in consumer satisfaction.

All you need to look at is motivation. Google is in the smartphone market to peddle ads via a smartphone as a vehicle or shell. While Apple, for example, is focused (almost obsessively) on providing the best User Experience possible. The very way the two companies think about the segment is like night and day. Their whole starting points are poles apart.

Malware is the other price the user pays. Note that most of the free antivirus apps for Android are virtually useless:

http://www.neowin.net/news/free-android-anti-virus-products-virtually-useless

HTC, Motorola, Samsung . . . they're all a part of the experience once the device gets into the user's hands. There's no getting around that.

The User Experience process doesn't end when the OS or code is released. It's an entire process, from cradle to grave. Google simply has a fundamental disrespect for what they produce. A great OS that is universally licensed . . . is a contradiction in terms.

If you're the type that's sick of PC malware, then you'll see it duplicated within a different form factor when it comes to horizontal business models in other market segments that feature online access, no matter who is doing it, be it Google or anyone else.

And you post this in a Mac forum because...? Do you feel bad because Google does not hold your hands like Apple does?

Google simply has a fundamental disrespect for what they produce

That's an opinion, not fact. Unless you have links to prove it.

 

[roadbloc]

It is a good job the majority of Android phones sold have an Antivirus pre-installed on them. Taking that into account, as long as the AV doesn't seriously hinder performance, I don't see much of a problem.

 

[*LTD*]

My thought is that Android having malware/virus problems is in part related to its slow and seemingly inevitable assumption of status as numerically dominant smartphone / device platform (becoming the Windows of phones). It's just the big target.

Do note, that iOS is the dominant mobile platform overall, which includes smartphones, tablets, and iPods. And these all feature internet access and app stores.

 

[miles01110]

LTD, could you make a correspondingly negative/pointless title about OS X malware due to the recent MacDefender problems? "The Apple Tax? OS X Malware Up 15,000% since July"

 

[mkrishnan]

Standard rules apply to anything you put on your phone. That is if it comes from a questionable source or is a ware you get what you are asking for by being stupid.

Even on the app store... that app where the description is in bad English, there are two reviews that don't sound quite right, and yet they're describing something awesome, might not be malware but you still probably don't want it.

I'm just glad that, over the years, although we've been dealing with phone malware at least since that Bluetooth scare in 2004, for the most part, virus and malware hasn't become a huge issue on my phone, and if anything, it's also stopped being a huge issue even on Windows (with sensible practices).

Good riddance. I remember when I had an Amiga and there were boot sector viruses that would render your purchased game discs permanently useless. Ugh I don't want to go back to that kind of nonsense.

 

[gentlefury]

I had a droid and after about the first month I decided it was best to consider the market as closed! 90% of the apps are either broken, infected with malware, a virus, or not compatible with your hardware. It is a complete and total mess! Browsing the market is a joke...devs upload 60 versions of the same app at a time...so it tends to be:
app
500 apps that show a random picture when your phone rings (and installs a virus)
app

It really is pathetic! Also, since there is NO direction in the android black market, updates tend to break already working apps...so I got completely paranoid to update any apps I actually used because they would stop working!

If apples method really is a "closed, walled garden" I will take that over the open ghetto market of Android any day!

 

[ChazUK]

I had a droid and after about the first month I decided it was best to consider the market as closed!

90% of the apps are either broken, infected with malware, a virus, or not compatible with your hardware.

There is definitely some conflict of truth there.

Can you list the 90% incompatible, broken, malware infected and virus invected apps that you managed to source and download at all?

That should be some list!

 

[gentlefury]

There is definitely some conflict of truth there.

Can you list the 90% incompatible, broken, malware infected and virus invected apps that you managed to source and download at all?

That should be some list!

geez, ****, you understand I was not being literal right?

 

[ChazUK]

geez, ****, you understand I was not being literal right?

Is that a round-about way of saying "I contributed nothing to the thread and posted nothing but BS"?

If so I totally agree.

 

[macinnv]

I have an android, mainly because my carrier doesnt have it and I dont have the money to afford an iphone. I've also had android since the beginning. While with android there are a lot of things to complain about, from my experience (and from others around me) malware and viruses arent one of them. I generally only download reputable apps with at least decent reviews by the way.

 

[Rodimus Prime]

Even on the app store... that app where the description is in bad English, there are two reviews that don't sound quite right, and yet they're describing something awesome, might not be malware but you still probably don't want it.

I'm just glad that, over the years, although we've been dealing with phone malware at least since that Bluetooth scare in 2004, for the most part, virus and malware hasn't become a huge issue on my phone, and if anything, it's also stopped being a huge issue even on Windows (with sensible practices).

Good riddance. I remember when I had an Amiga and there were boot sector viruses that would render your purchased game discs permanently useless. Ugh I don't want to go back to that kind of nonsense.

Yeah I have learned that as well to question things even on Apple App store. I want to say we have had post here about some of the crap posted in the App store that did some very questionable harvesting of data.

I had a droid and after about the first month I decided it was best to consider the market as closed! 90% of the apps are either broken, infected with malware, a virus, or not compatible with your hardware. It is a complete and total mess! Browsing the market is a joke...devs upload 60 versions of the same app at a time...so it tends to be:
app!

Nice amount of pure FUD you posted there. All of that is far from the truth.

 

[aerok]

Nice amount of pure FUD you posted there. All of that is far from the truth.

Far is an understatement, as far as we know, he is probably googling about malware apps in the market to create a list of apps he ''used''