Fueling the spread of Android threats has been fast-paced growth in the platform’s smartphone market share. The latest research, reported in late August by Port Washington, NY based NPD Group, pegs Android at 52 percent of the smartphone market in Q2. iPhone (iOS) share hit 29 percent. BlackBerry fell to 11 percent. Windows Mobile and webOS logged shares below five percent.
That muscular Android growth has attracted cyber criminals. But so far the damages inflicted have honestly been few. “Android threats have mainly been nuisances but the threats have become more numerous,” elaborated John Engels, an executive in Symantec’s Mobility Group.
That is a bottom line: chatter about Android vulnerability has reached loud volumes but, for the most part, the threats that have been found are more bothersome than devastating. But step one in securing any Android has to be knowing the enemies and Lookout research has identified the prime Android threats.
Leading the criminal parade is what Mahaffey delicately calls “repackaging,” a threat that takes advantage of Android’s open apps distribution policies where basically any site can set itself up as a distribution hub. This has created a thriving malware industry where criminals are taking popular, typically paid Android apps, then inserting malware, and, finally, making the app free (since it is stolen this involves no costs).
“We are seeing much more of this lately,” said Mahaffey who added that Lookout researchers have found cases where criminals have created storefronts that look indistinguishable from the official Android Market. “This can get very tricky,” he said and the clear meaning is that even experienced users need to stay alert to deviant apps distribution centers and prices that simply are too good to be true.
The second big threat to Android users, said Mahaffey, is a fast spread of malware apps (often disguised as something harmless like a media player) that send SMS to premium priced numbers that quickly can rack up sizable charges. These are clever apps, said Mahaffey, because “often they hide the SMS they send from the user.”
Still in its infancy but with enough cases to show up on Lookout’s radar is a mobile botnet network built by malware which creates communications channels into infected phones. Exactly what the end game is not certain, but what is certain is that probably this will cost users and their companies money.
“We are seeing a lot more experimentation in malware revenue models,” said Mahaffey.
A fourth thread, according to Lookout, is a rapid rise in phishing attacks. Although these are cross platform, and not restricted to Android. Early signs are that many users are less cautious, quicker to respond to phishing emails via their phones than they would be were they sitting at a computer.
Bad as all this sounds, Mahaffey actually says there’s good news here, too because “People are starting to realize they need to take precautions when they use an Android phone.”
One precaution: People have to understand that apps should be downloaded only from an approved short-list of sites, suggested Engels. On that list will be Android Market, possibly Amazon’s Appstore, an enterprise’s own Android downloads page if it has one and not much more.
The second precaution: Insist that users install and keep updated an antivirus app, suggested Mahaffey (whose company of course is a leader in that niche but there are many other player getting into that space). Android, unlike Apple’s iOS, allows antivirus apps to run on the phones and so it is wise policy to require their use.
“Android users, when they hear about the many threats, are looking for ways to protect themselves. The tools exist. It’s just a matter of educating users about their choices.”