Tuesday, November 06, 2012

Android Malware Up Massively.

Security firm F-Secure’s latest mobile threat report (for Q3) reports “a whopping 51,447 unique samples” detected in the third quarter, up from 5,033 in Q2 and 3,063 in Q1. The majority of the new Android malware detected by F-Secure in Q3 are designed to “generate profit from SMS sending activities or by harvesting information found on the infected device”, it notes — whereas earlier this year driveby malware was the most prolific. Commenting on Android’s security situation last month, a Google spokesman told me: “We are committed to providing a secure experience for consumers in Google Play.” Mountain View claims its data on Android malware shows a 40 percent decrease in “the number of potentially-malicious downloads from Google Play” between the first and second halves of 2011.
Google takes various measures to tackle malware. Earlier this year, when it introduced its app store scanning system — codenamed Bouncer – Hiroshi Lockheimer, VP of Engineering, Android, explained how it worked in a blog post:
The service performs a set of analyses on new applications, applications already in Android Market, and developer accounts. Here’s how it works: once an application is uploaded, the service immediately starts analyzing it for known malware, spyware and trojans. It also looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. We actually run every application on Google’s cloud infrastructure and simulate how it will run on an Android device to look for hidden, malicious behavior. We also analyze new developer accounts to help prevent malicious and repeat-offending developers from coming back.
In addition to scanning for malicious code, Google’s security approach includes Content policies that Android developers must adhere to — also tightened up this summer — along with what it describes as “a multi-layered security model based on user permissions and application sandboxing”. Any apps that violate Google policies are pulled from Google Play — but of course that does not stop them being offered on third-party app markets.
F-Secure notes that the release of Android 4.1 Jelly Bean included “a number of exploit mitigation features as part of an ongoing effort to improve security on the platform” (Engadget reported Jelly Bean adoption had reached 1.2 percent of Android phones and tablets as of September).
The Android malware identified by F-Secure is not broken down by app store source — so it’s not possible to determine what proportion comes from the Google Play store. “We can’t produce stats on the amount of malware from Google Play vs elsewhere as most of our samples come via anonymized sources,” Mikko Hypponen, F-Secure’s chief research officer, told TechCrunch.
