Thanks to the market’s insatiable appetite for all thing mobile, the rise of mobile malware is hardly surprising. Even if you didn’t fall for the scaremongering, mobile malware is an actual, real threat with a wide scope, and it’s getting worse.
According to Trend Micros’ Security Intelligence Lab, the number of “mobile threats” hit the one million mark last month, and McAfee reported that the number of new threats practically doubled in 2013, while Juniper Networks reported that mobile malware grew by a staggering 614 percent between March 2012 and March 2013. At the same time, market research firm IDC reports that only five percent of all smartphones shipped worldwide feature some sort of preinstalled protection.
As the most popular mobile platform, Android is getting the worst of it, with an estimated 79 percent of mobile malware designed specifically to target Google’s mobile OS. As always, there is a price to be paid for the popularity – a similar trend affected Windows for years, as competing operating systems were simply too small to be worth the trouble for malware developers.
The situation, however, is not as dire as it seems at the first glance. Google recently reported that only an estimated 0.001 percent of all app installations on Android devices can get around its multi-layer defenses and cause real harm. Unlike Apple, Google does not vet all apps before they hit the Play Store, but it does get rid of malicious ones as soon as they are identified.
The real problem is that many apps aren’t installed directly from the Play Store. Google puts the number of side-loaded app downloads that did not come from the Play Store at 1.5 billion. These include pirated versions of popular apps, along with many rooting tools.
The Smaller the Platform, the Lower the Risk
BlackBerry 10 and Windows Phone 8 are rarely the subject of mobile malware research and there is a very good reason for that. BlackBerry’s market share is tiny and it’s getting even tinier. WP8 is gaining some traction, but it is still dwarfed by iOS and Android. Malware makers simply aren’t very interested in them for obvious reasons, so that tends to make them somewhat safer, but not safe.
Windows Phone is the big unknown. It’s gaining market share in Europe and South America, so it could soon become an interesting platform for malware makers. The jury is still out and many security experts believe Windows Phone is not as secure as competing systems – it’s just less of a target at this point.
What’s the Worst that Could Happen?
The mobile payments market is growing fast and sophisticated malware could interfere with the adoption of mobile payments, if it undermines their security. Google has been trying to include some rudimentary services and hardware support for years, and most high-end Android phones nowadays ship with NFC support, which hasn’t caught on yet. Apple introduced a fingerprint scanner in the new iPhone 5S with the hopes that an added layer of protection could alleviate some consumer concerns when it comes to security.
The old premium SMS scam is still alive and well, unfortunately. BYOD (Bring Your Own Device) is another big source of concern. As more and more organizations adopt liberal BYOD policies, the inherent risk of using multiple hardware and software platforms to do the same job also has a multiplier effect on vulnerability.
Staying Safe Isn’t that Hard
Obviously, the simplest way to avoid most Android malware is to simply stay away from all .apk software that did not come from the Play Store. Installing anti-malware software is, of course, another way to bolster security. Also, Android fragmentation isn’t helping, so choose phones from vendors with a good track record in delivering Android updates.
Although it all looks pretty dire, there’s really no reason to be scared. If you exercise just a bit of caution, stay away from third-party app markets and suspicious apps, mobile malware should not keep you up at night, especially if you keep your operating system up to date. Security firm Sophos, has a few simple tips in case you want to learn more.
License: Creative Commons
Katie Morris is a freelance writer that has several years of experience writing for the computer, technology, and security fields.