This article was published on October 25, 2012

In one year, Android malware up 580%, 23 of the top 500 apps on Google Play deemed ‘High Risk’



New figures out today show Android malware has grown by 580 percent between September 2011 and September 2012. Furthermore, more than 175 million downloads of ‘High Risk’ apps were found in Google Play’s Top 500.

At first glance, that sounds really scary, but let’s take a look in more detail. The numbers come from security firm TrustGo, a US-based antivirus firm backed by $1.5 million in seed funding, and, though the figures are based on the firm’s own research, they do require a little context.

First up, the 580 percent statistic. Yes, the number of malicious Android apps is definitely growing. Most Android users get their apps from the Google Play store, and this figure was put together after scanning “1.7 million apps found on 175 marketplaces worldwide.” Furthermore, the raw numbers are as follows: 4,951 malware samples last September to 28,707 malware samples last month.

Percentages are most useful when the numbers are comparable in the first place; Android is a relatively new platform, so naturally malware numbers are skyrocketing due (in large part) to the growth in total app numbers. Here’s a new figure to demonstrate my point: 1.69 percent of all Android apps out there, the majority of which are not on Google Play, are malicious.

What I’m trying to emphasize here is that most malicious and risky apps aren’t even on the Google Play store to begin with, so most users won’t download and install them. What about the other number (175 million downloads of ‘High Risk’ apps in Google Play’s Top 500)? TrustGo distinguishes Malicious from High Risk on the basis that the former are apps that intentionally cause harm to you or your phone, while the latter are apps that can steal data, damage privacy, make payments, track web browsing, send your location, etc.

TrustGo’s Jeff Becker tells TNW more:

The Risky apps are a problem for users because they monetize their apps using highly aggressive and insecure ad networks, some of which go so far as to take over parts of users’ devices. Some, like Leadbolt and AirAd, send sensitive user data like phone number and device IDs to 3rd parties who often use the info to send copious amounts of spam messages and notifications, even telemarketing calls. Worse are networks like Apperhand that can replace users’ browser homepage with a suspect search page, add icons and shortcuts to the phonetop…some of which lead to more High Risk and potentially Malicious apps.

The 175 million downloads figure is thus worrying, but then again we are talking about Google Play’s most downloaded apps, so it’s bound to be big (as TrustGo notes, “popular” doesn’t mean “safe”). Yet I dug deeper to find out how many of the top 500 apps were actually deemed High Risk: it turns out it’s just 23. That’s nothing to scoff at, but looking at things through a percentage lens, it turns out we’re just talking about 4.6 percent – which will certainly affect some.

Most of those affected are likely to be in emerging markets and not the US, where going ‘off piste’ to download an Android app outside of Google Play is unwise. However, in countries like China — where Google Play has no paid-for apps — and other parts of Asia — where third party stores are more popular — the issue is more prevalent and likely to impact more people.

If you’re wondering why Apple isn’t picked on in the TrustGo report, these issues affect the firm less as it operates a ‘closed garden’ approach to its app ecosystem, unless you choose to jailbreak your device. The issues of malware, forked OS builds and security threats come hand-in-hand with Google’s more open approach to mobile – and that’s a topic for much debate. Especially in China, aka the world’s largest smartphone market, where TrustGo has unearthed potential dangers on Android devices in the past.

TrustGo is indeed emerging market focused and it is backed by China-focused Northern Light Venture Capital. As you’d well expect, it has its own Android antivirus app on Google Play, and it has made top-line details of its Halloween Spotlight available in the infographic below.

TrustGo Halloween Spotlight

Here’s some quick advice for Android users: stick to the Google Play store for your apps. Even then, always read the permissions an app is requesting from you and make sure they make sense for the app you’re trying to install.


Image credit: Gabriella Fabbri
