Report: Android Market plagued by malware threats


Malware samples identified in Google's (NASDAQ:GOOG) Android Market have increased 472 percent since July 2011 according to a new study issued by Juniper Networks, which blames the outbreak on the storefront's lack of a reliable upfront preview process and the absence of related checks and balances.

mobile malware

Click here to view a larger version of this chart.

The months of October and November 2011 have seen an explosion in malicious Android apps, Juniper reports--October alone experienced a month-over-month increase of 110 percent, and November is on pace to grow another 111 percent. By comparison, Juniper identified a 400 percent increase in Android malware from 2009 to the summer of 2010.

Android malware is growing in sophistication as well as volume. "In the early spring, we began seeing Android malware that was capable of leveraging one of several platform vulnerabilities that allowed malware to gain root access on the device, in the background, and then install additional packages to the device to extend the functionality of the malware," Juniper states. "Today, just about every piece of malware that is released contains this capability, simply because the vulnerabilities remain prevalent in nearly 90 percent of Android devices being carried around today."

Among known Android malware samples, 55 percent of threats act in one way or another as spyware. Another 44 percent are SMS Trojans, which transmit text messages to premium rate numbers owned by the attacker in the background of a legitimate application, without the consumer's knowledge. Juniper's Global Threat Center believes the Android threats are originating from the same attackers that previously wrote malicious code targeting devices running legacy versions of Symbian and Microsoft's (NASDAQ:MSFT) Windows Mobile.

"The main reason for the malware epidemic on Android is because of different approaches that Apple (NASDAQ:AAPL) and Google take to police their application stores," Juniper explains. "Android's open applications store model, which the lacks code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware. There is still no upfront review process in the official Android Market that offers even the hint of a challenge to malware writers that their investment in coding malware will be for naught. Until there comes a time that someone figures out a tried and true way to get malicious applications into the App Store, Android will remain the target of mobile malware writers around the world."

Android powers 52.5 percent of all smartphones sold worldwide during the third quarter of 2011, more than doubling its global market share over a year ago, according to data issued earlier this week by research firm Gartner. Sales of Android smartphones topped 60 million, more than tripling sales of Symbian-based products at 19.5 million (translating to a market share of 16.9 percent, down from 36.3 percent a year ago). Apple's iPhone follows with sales of 17.3 million, up from 13.5 million a year ago; its global market share nevertheless dipped to 15.0 percent from 16.6 percent in the third quarter of 2010.

For more:
- read this Juniper Global Threat Center blog entry

Related articles:
Study: European users trump U.S. on Android app downloads
Gartner: Android fuels 52 percent of smartphone sales in Q3
ComScore: Android closing in on 45% U.S. smartphone market share
Google's Schmidt: Microsoft is 'scared' of Android's success
Google to acquire Motorola Mobility, vows Android will remain open