Android users, beware of malware
Do you need to run antivirus software on a smartphone?
“The number of Android devices is huge,” said Ragib Hasan, a professor at the University of Alabama-Birmingham who studies malware. “It makes sense for cybercriminals to focus on that platform.”
According to a study released by the Department of Homeland Security in July, 79 percent of the identified smartphone malware threats were targeted at devices running Android.
And the threat is growing. By the end of June, there were some 718,000 malicious or high-risk Android applications, security firm Trend Micro reported in August. While that total is a small fraction of all the malware targeted at Microsoft’s Windows PC operating system, it was up 41 percent just from the end of March.
About half of malware threats identified by the Homeland Security report were Trojan horses, or Trojans, which are malicious programs disguised as legitimate ones. The ones targeting Android devices typically use text messaging programs to send text messages to phone numbers that automatically trigger a payment from the user’s account. Often those charges can be in the hundreds or even thousands of dollars.
Another set of smartphone threats comes in the form of rootkits, which are malicious pieces of software that hide in the background of a device and record keystrokes, locations and passwords. Yet another threat comes from application stores that impersonate Google’s Play store to trick users into downloading malicious software.
Android is targeted not just because it’s popular, but also because of how it works, security researchers say.
iPhone users generally can’t download apps from any place other than Apple’s App Store. Similarly, Microsoft only allows Windows Phone users to download software from its Windows Phone store. By contrast, Android allows users to install software from a variety of locations, not just from Google Play. While there are plenty of legitimate Android storefronts around – Amazon.com Inc. operates one, for example – some aren’t scrupulous about screening out bad applications.
Android users can help protect their devices by not downloading apps from places other than Google’s Play app store, security researchers say. Google screens the apps in its store for malicious code, and Android users can now have Google remotely screen apps on their phone that were downloaded elsewhere, said Adrian Ludwig, an Android security engineer at Google.
Thanks to that service and other built-in security features on Android, users don’t really need to run other antivirus programs, Ludwig argued, noting that Google itself dissuades employees from running such software on their devices. Google’s data indicates that while the number of malicious apps is increasing, the frequency of infections is low and stable, he said.
But other security experts warn that even Google Play isn’t 100 percent safe. A Symantec researcher reported recently that the security company had found some 2,500 scam apps in Google’s storefront that were posted between the beginning of the year and the end of August.
The apps typically promise to connect users with pornographic websites, but frequently charge users $1,000 or more to sign up. Symantec found that 1,000 of the apps were listed in August alone, although many were deleted quickly.
Whatever the current level of risk may be, it’s almost certain to grow. That’s because smartphones frequently store or transmit sensitive data such as users’ location or financial information.
“Criminals are just discovering the vast amount of information and financial gains they can get from mobile malware,” said Hasan.
Given that trend, it’s better to be safe than sorry, many security researchers say.
“If you can get antivirus on your phone, it’s just safer,” said Roger Thompson, chief emerging threats researcher at ICSA Labs, a division of Verizon that tests and rates security products.