Android Malware Risks, Over 5.3 Million

Video: Android Malware, Is It As Disruptive As Mobile?

Hosts: George Yunaev and Darragh Kelly

This video, hosted by cyber security experts, covers Android malware threats in detail.  We’ve summarized the video for you, with time stamps and notes below.

There are forecasted to be 1,454,760,000 android devices to be shipped out in 2015 alone. There are 5.3 million unique malicious apps known for Android at present. Together, these numbers equate to a very large threat opportunity. This post is worth a read for Android users and business owners with or without BYOD policies in place.

Old Cellphones Were Simple & Secure Cellphones

At the 5:00 mark, George begins with a bit of history on the most secure cell phones in the past and why they were so. In short, no apps = nothing to exploit = safe.  This closed-book design kept the phone operating system and its resources locked away from malicious code and applications, keeping it secure.

At the 7:50 mark, George gives us some history on early cell phones and how Symbian programmers provided cellphone manufacturers and software developers with a Software Development Kit (SDK) for its devices. A SDK allowed third party developers to create applications for these phones. It also allowed malicious programmers to develop malware, and in 2004, the first Proof of Concept malware was released, which basically allowed malicious users connected to the device by Bluetooth nearby the ability to steal the devices contact list. Those phones and apps were much simpler than today’s devices and apps, so these variants of malware soon died off.  But a malware boom was just around the corner.

Android Built To Conquer, Not To Be Secure

At the 10:50 mark, George explains that in Android early days, the idea was to conquer the market. The idea was to provide the code for free to developers and phone manufacturers so they could develop custom applications for the devices in order to sell more phones. However, the readily available source code also allowed malware writers an easy avenue to create harmful and malicious code for Android devices. In 2010, Android Malware hit the market and grew rapidly.  There are 5.3 million unique malicious apps known for Android at present.

What was different with Android vs Apple iOS, which kept Apple devices more secure, is that with iOS, developers had to complete an application, sign a non disclosure and pay a fee to access the code.

PC VS Android Malware Risks

Android malware dominates the market now.  How does Android malware compare to PC malware?

At the 13:30 mark, Darragh begins to compare the similarities between PC and Android malware providers end goal, which are monetary.  The most common malware forces devices to initiate premium/paid for services that users pay for and malware providers profit from.  An example would be of Android malware that texts premium SMS numbers which cost a fee.

At the 15:30 mark, Darragh introduces us to the new, booming Ransomware threat, which has begun to grow not only in the PC market but even more so in the Android market. Essentially, this malware takes control of a device (or in some cases only pretends to), and extort users by informing them they must pay a ransom to get back into their device or data. With a true ransomware virus the data is also encrypted by the virus, and is only unlocked if the ransom is paid. otherwise, the data is deleted and the user loses everything. In 2014, 50% more users were held hostage by Ransomware than in 2013.  And the ransom cost is much higher than some premium SMS text fees, with ransoms ranging from a few hundred to a few thousand dollars. 

At the 17:45 mark, Darragh provides data that suggests we will only see an increase in malware and ransomware exploits. He explains that there estimates to be a 1,425% Return on Investment (ROI) on ransomware exploits, a huge monetary incentive for cyber criminals. 

We have PC anti-Malware. Where’s the Android anti-Malware?

At the 18:40 mark, George explains how powerful PC Anti-virus programs are and asks why Android doesn’t have just as powerful anti-virus programs available, then tells us the answer is because Android doesn’t cooperate with security vendors. George explains that even though Android is open-sourced and the SDK is freely available there is missing functionality and hooks to create Android anti-virus programs that protect users at the same level as PC antivirus programs.

George explains that with current Android malware, all it can really do is tell you there is a virus or malware present and prompt you to uninstall it-  the ability to disinfect, uninstall or even block malicious applications simply isn’t there.

Less powerful anti-virus + more ways to get infected.

At the 21:20 mark, George states that there are more ways to get infected or malware on your android device than your PC. There are cracked games, torrents and apps.  Many of these are available on 3rd party app stores, not Google Play.  But some countries, such as China, do not have access to Google Play, and so 3rd party app stores are their only option, where risk of infection is much higher.

In addition, these Android viruses have more ways to spread themselves than PC viruses – they can use email, bluetooth and SMS.

At the 26:05 mark, Darragh explains that Google Play store does an excellent job of removing malware infected apps not only from the Play store, but from every single device which ever downloaded the app- even without your knowledge or consent.  That’s powerful security… and a privacy conversation for another post, another day.

What can you do to stay safer?

To wrap up, Darragh offers solutions for software developers to help create more and better Android anti-virus programs.  Darragh suggests that as malware grows the adoption of mobile Antivirus will grow too.  It will have to to keep up with growing threats and ransomware.

For you, the end user and phone owner, be sure to only purchase apps from the app store, encrypt your phone and install mobile antivirus on your phone today. If travelling overseas where risk of infection is higher, leave your phone at home.  Also check out our blog post on how to limit your risk of being hacked for our list of mobile anti-virus recommendations for both iOS phones and Android phones. And if you found this article helpful, please share it.

Sharing is good.