The malware numbers for Android keep rising, but you’d still be hard pressed to end up with a malware infection on your own device. Security firm F-Secure released its quarterly mobile malware report on Tuesday morning based on data culled from the company’s mobile app users.
Between January 1 and March 31, F-Secure says it found 275 new threat families—or new takes on old ones—for Android, compared to just one for iOS and Symbian respectively. Of those threats it found, F-Secure says 91 percent were considered malware, while the rest were dubbed ‘potentially unwanted apps’ (PUAs) that could pose a risk if they were misused.
Nevertheless, despite Android’s high share of mobile malware, F-Secure readily admits that security threats are nowhere near the problem they are on PCs.
F-Secure said that its app blocked around 5-10 pieces of malware for every 10,000 users in the United States between January and March. On the PC side, that kind of infection rate is what you would call a very good day indeed. Consider that a 2012 report by Panda Labs claimed 30 percent of all PCs in the US were infected with some kind of malware.
But while the threat to individual users may be particularly low, what’s really interesting about F-Secure’s report is how advanced Android malware is becoming.
The bad guys are getting better…
The bulk of Android malware does things like attempt to send text messages to premium numbers or introduce some other type of money-making scam. But particularly novel types of malware in recent months included a Windows-based banking Trojan that attempted to install malware on Android devices when they were connected to an infected PC via USB.
The first Trojan appeared that tries to use Android’s Orbot Tor client to connect to botnet command and control servers. There was also the first cryptominer app, which attempts to silently mine virtual currencies in the background for the malware author.
Finally, Android’s first bootkit was discovered in January. It can infect a device’s start-up code and is often difficult to detect and remove, with most bootkit infections seen in China.
…but don’t sweat it too much
Despite all those advancements in malware technology, however, your chances of being infected are still really low. Nevertheless, if you want to be really safe from malware and other mobile threats there are a few measures you can take—and most of them involve being smart about how you use your device.
Make sure you use a screen lock so that others can’t access your device and try to install a malicious app onto it. Set-up Android Device Manager so that you can change your device password remotely or wipe your phone should it ever be stolen.
More importantly, only download apps and APK files from sources you trust, such as Google Play. Google’s online store is not bullet-proof and you can sometimes get scammed (see Virus Shield), but the odds of downloading malware via Google Play is very, very, very low, especially if you stick to well known apps from brands and developers you trust.
Finally, check over your permission requests before installing or updating apps. My bank recently updated its app asking to read my call log. That’s one of many apps I’ve stopped using recently due to permission requests that I wasn’t comfortable with.
Finally, if you really want to, you can download an antivirus app such as F-Secure’s Mobile Security or Lookout Security Antivirus. These security apps offer in-app purchases for many features you can get for free on Android, such as remote wipe.
What most of these apps do for free, however, is to scan other apps as they’re installed or updated to see if they contain any known malware. Then again, Google recently announced an addition to its Verify Apps program that continually scans sideloaded apps as well as Google Play installations for bad behavior, so whether you actually need an anti-virus scanning app is debatable.
The Verify Apps feature is available for Android 2.3 and up. To make sure it’s active on your device, open up the Settings app and navigate to Security Device Administration Verify apps.
Google says about 0.18 percent of app installs in the past year have triggered a Verify Apps warning. Malware may technically be more prevalent on Android than on any other mobile platform, but as with most types of malware attacks, the biggest vulnerability is not the device itself but the carelessness of the operator. Stay smart and you’ll stay safe.
This story, “F-Secure says 99 percent of mobile malware targets Android, but don’t worry too much” was originally published by