Juniper Global Threat Center published a report earlier this week noting that it has been discovering new Android malware at an exponential rate over the last several months, as reported by Jim Dalrymple of The Loop.
The mobile security group attributed the problem to the lack of a review process, the relative ease of making a developer account anonymous and the mere $25 fee required to begin posting applications.
The platform is unprotected because it operates "with no upfront review process, no one checking to see that your application does what it says, just the worldâs largest majority of smartphone users skimming past your applicationâs description page with whatever description of the application the developer chooses to include," the firm said.
In a previous report, Juniper had found a 400 percent increase in Android malware from 2009 to the summer of 2010, but a recent flood of malicious applications has eclipsed that growth. In August, detected malware samples increased by 10 percent, then by 18 percent in September. October saw a 110 percent increase on top of the previous month, and November has so far seen a 111 percent increase.
Spyware made up 55 percent of the samples, while the majority of other attacks came in the form of SMS Trojans that secretly send text messages to premium numbers. Juniper believes that the same people who wrote malicious code for older platforms such as Symbian and Windows Mobile have now set their sites on Android because of its substantial market share gains.
The firm opted not to go so far as to say that Apple's iOS is more secure than Android, offering only a "maybe," but it did note that the approach that Apple has taken to police its App Store has helped the company avoid malware on its platform.
"Androidâs open applications store model, which lacks code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware," the report concluded. "Until there comes a time that someone (ever heard of Charlie Miller?) figures out a tried and true way to get malicious applications into the App Store, Android will remain the target of mobile malware writers around the world."
Miller, an expert security researcher known for repeatedly hacking Apple's products, revealed last week that a code signing security flaw in iOS made it possible for malware to steal user data and take control of certain functions. He managed to sneak a proof-of-concept app into the App Store in order to demonstrate the issue, but Apple quickly removed the application and booted him from the iOS Developer Program after reports emerged regarding the vulnerability.
Juniper's warnings on the recent barrage of Android malware come on the heels of several other cautionary reports that have emerged in recent months. Security firm Lookout and market research company Retrevo both called attention to the problem this summer, noting that iOS has proven to be safer than Android.
An August report from McAfee found that Android had become the most-targeted platform for malware while iOS was untouched.
136 Comments
Yikes!
For fun check to see how many "Hello World" type apps are in the Android Market. I think I'll stick with the walled garden that is the App Store.
For fun check to see how many "Hello World" type apps are in the Android Market.
What's that for?
iOS: Security through obscurity.
Yikes!
For fun check to see how many "Hello World" type apps are in the Android Market. I think I'll stick with the walled garden that is the App Store.
It's about "choice". Who cares if iOS is stable, free of malware, and an overall pleasure to use? Flash and Malware are choices even if they make for a crappy experience. With Android, I have the luxury of experiencing crap -- You don't!!
What's that for?
It's evidence of the complete lack of control when Chapter 1 Program 1 test projects can be uploaded to Android Market.
It's about "choice". Who cares if iOS is stable, free of malware, and an overall pleasure to use? Flash and Malware are choices even if they make for a crappy experience. With Android, I have the luxury of experiencing crap -- You don't!!
I trust you are being sarcastic.