…or “Just how much Android malware is there anyway?”
The security industry has an embarrassing problem. For several years it became a matter of course for the big names in security to warn annually that ‘next year’ was to be the year of mobile malware. “Look out“, we said, “mobile malware, it’s coming…“; but it never did. It remained elusively over the threat horizon. In reality, every year since Cabir in 2004 we have saw appearances and developments in mobile malware (originally for Symbian, J2ME and Windows CE) but it simply never reached critical mass or moved beyond the mischievous.
Now that the problem is well and truly here (the last two years have both been called “the year of mobile malware” at several points) we have a problem persuading the world at large that we are not crying “Wolf!” yet again. There is a distinct scepticism paired with a strong belief that the security industry may be selling a solution to a problem that doesn’t exist, or if it does then it only exists in far off countries and little used app stores. So, in the interest of clarity, here are a few numbers that hopefully will go some way towards putting that scepticism to bed, once and for all.
Trend Micro’s Mobile App Reputation Services [PDF] proactively sources and analyses Android apps from around the world. We give them reputation scores in three discrete areas; Maliciousness, Resource Utilisation and Privacy. Here are the numbers, hot of the presses this 8th March 2013, bear in mind these numbers change every minute, upwards…
We have thus far analysed more than 2 million apps, a not inconsiderable sample size when you consider that the entire Google Play offering is around 700,000 apps, and here’s the brutal truth.
- 293,091 Apps classified as outright malicious and a further 150,203 classified as high risk. It took Microsoft Windows 14 years to attract this volume of malicious code!
- Of those 293,091 malicious apps, 68,740 were sourced directly from Google Play. It’s not just Chinese and Russian app stores.
- 22% of apps were found to inappropriately leak user data, over the network, SMS or telephone. The leaked data most often includes IMEI, ICCID, Contact data and telephone number. A few apps were even found to leak data using the microphone and camera (along with several other kinds of private data).
- In addition, 32% of apps were classified as “Poor” in terms of battery usage, 24% “Poor” for network usage and 28% for memory usage.
It’s no surprise that BlackBerry have opted to integrate our Mobile App Reputation Service in their Blackberry World, stopping those malicious apps from ever reaching their customers. It would be heartening to see more app stores taking the safety of their customers so seriously.