Android Now Worst OS for Malware!
We've all seen story after story warning us that this app records and uploads calls or that app is spying on you in Android. One thing people in the modding community love is the open source nature of the platform and the open attitude of Google. MS was criticized for taking a very closed Apple-like route with Windows Phone 7, and Apple has always been criticized by some for their strict App Store qualifications.
Well it seems that this has backfired on Android with regards to malware. MacAfee reports that Android malware threads leapt 76% in Q2 of 2011. This is not good news for Google and they want to rethink they're "everything open" policy, especially regarding their looser standards on the Android Market.
"This year we’ve seen record breaking numbers of malware, especially on mobile devices, where the uptick is in direct correlation to popularity," says Vincent Weafer, senior vice president of McAfee Labs.
"Overall attacks are becoming more stealthy and more sophisticated, suggesting that we could see attacks that remain unnoticed for longer periods of time. High-profile hacktivist groups have also changed the landscape by drawing a line between attacks for personal gain and attacks meant to send a message."
In the report you see the following graph comparing mobile platforms with their respective new malware percentage. As you can see, Android has a very large piece of the pie!
One reason some users prefer iOS and WP7 to Android is the security these platforms offer over Android. Any mobile OS can be hacked into, every one of them has vulnerabilities, but it seems Android is rife with malware and this doesn't look to be changing any time soon.
One other thing the report mentions that I found interesting was that MS threats are tiny compared to Adobe.
This isn't something you might expect, but remember the latest untethered iOS jailbreak relies on a PDF exploit and did the last web based jailbreak created by famed iOS hacker Comex.
Does this affect your buying decisions? Are you concerned with Mobile OS security?
© 2011, orangekid. All rights reserved.
wonder why there is no mention of the “cost to the customer” for this so called “security” in the apple store. Android Market has a lot of free apps. YOU have to grant these apps permission. If you don’t like what the app is requesting, don’t use it.
@meccadon123, I haven’t seen a “record my phone calls and upload them to your private server” permission in any app I’ve downloaded.
What cost to the customer are you referring to?
Yawn..I wouldn’t trust this report too much..according to 3rd parties iOS has just as many programs that upload your information. McAfee has a stake in us buying Antivirus programs and Android is the easiest market for mcafee to exploit.
Give me a 3rd party result who has no stake in me buying antivirus.
Looking at the report DroidDream seems to be the only real malware which is patched in 2.3 (report ironically did not include which versions these malware effect)..the others simple make use of sending a premium SMS…and I don’t install any app that asks permissions for sending sms unless its an sms app..
@gTen, Can you show a report showing that iOS has malware? MacAfee can make an AV app for iOS just as it can make one for Android. I don’t see any reports showing iOS or WP7 malware but plenty showing Android
@orangekid, Here you go:
http://blogs.wsj.com/wtk-mobile/
this shows all the personal information apps are transmitting for BOTH Android and iOS without your knowledge.
There is no reports for WP7 yet since its new to the market.
BTW, Mcafee did make antivirus for iOS a few days ago (before the report was published)..so just wait till Q3 report and they will “conveniently” find some iOS malware..
@gTen, That’s not the same thing, we’re talking about saving recorded conversations to SD and uploading to a private server from third party apps and such.
Will look forward to and publish the MacAfee report when it comes out.
@orangekid – so your saying sending your phone numbers and your contacts and your location without permission is not the same thing?
@gTen, jaja gingerbread fixes everything doesn’t it?
@eric12341, No it doesn’t but I’d like you to run windows with no service packs or any security updates and see the difference…
@gTen, Have to agree completely. I have yet to get any sort of malware on my android device and I haven’t exactly been careful. ANY mobile OS can be exploited as the article mentions. Android has an open app market based on the preference of users. It is their responsibility to safe, but in return they don’t have a nanny telling them what they can and can’t have. This has made for some fun apps in the android market that iOS and WP7 will never see. Someone with a jailbroken iphone can just as easily run an infected app. Sure if you want safety, just do as you’re told in the safe, restricted space, but that isn’t an android user. Simple solution, an app that blacklists known infected apps and updates daily. Problem fixed no matter how scary you try to make an open market sound. I’ve seen plenty of scanners some of which are free and highly rated.
Just wondering though, what are these apps with droiddream, etc? Always hear about them, no article ever says the name of one. What are people downloading and how do they come by these? Are they in popup ads like most for PC? Any sites/blogs that keep up with this?
@saibot, One of them was an app called foggy window or steamy window. Its no longer in the market, but turns out I downloaded a copy, but it wasnt the one with the virus. Google supposedly zapped the app and removed it from the market. Even If i got the virus I wouldnt care I would just do a wipe and reinstall if it was that bad. No OS is completely safe.
Its now Windwos ME the damage wont be catastrophic. Not like I tried to plug a printer in to the phone or anything.
I think it is just Mcafee feeling the PC market share shrinking, and in order to be the “leader” in mobile protection they pull a stunt like this(fight or flight). There are free virus solutions in the market anyway that protect against droid dream. I ran one after I realized I had steamy window and it said my evo was clean.
Think about it who uses Mcafee anyway? There is AVG, ZoneAlarm, Lavasoft, Comodo, Kaspersky, Trend Micro all of which who offer PC protection software for free. Linux/MAC users don’t need anything like that including the so McAfee has to continue to forge a user base. Guess the old people that shop at WalMart for PC protection software is dying off.
Thats the way I see it. Frankly if IOS/OSX is to BSD what Android is to Linux technically if a virus is written for one it could be written for the other. Don’t be so naive Ifans you are not immune. If anything you are as vulnerable or more so. IF I am not mistake, and I could be, but cant Bash scripts could run on both.
Is this kind of report really news? I mean, come on, a completely open platform where malware writers have access to source code for exploitation, an open marketplace (not to mention side-loading ability), plus the number of folks that root their devices, plus the fact that people are inherently dumb… and we’re surprised it’s getting attacked by malware authors? But I agree with some earlier posts… McAfee is trying to drum up sales here because nobody likes them on the PC platform anymore either.
@GoodThings2Life, I use Microsoft security essentials on my PC.
@eric12341, Me too. Stays out of my way and does it’s job.
Google’s lazy, plain and simple.
The don’t have to censor their apps based off of content, they just need to make sure the apps does what the apps CLAIMS to do and nothing more than that.
Why is this so difficult, most people aren’t sideloading their apps but it should be embarrassing for Google to have malware in the Google store. If any backdoor code is found that publisher should be blacklisted and this list shared amongst all of the other APP stores on all platforms.
Worst? Don’t you mean BEST EVER?
Walled Gardens…. they’re good for some things.
In other breaking news, people still burn their houses down trying to deep fry frozen turkeys. So I guess that makes them the worse risk for poultry-based deep frying house losses.