Android users face a greater threat from malware today than they did six months ago.
A new report from security services provider Lookout warns that Android users are two and a half times as likely to encounter malware today as they were six months ago.
As if that were not scary enough, Lookout adds that three out of ten Android owners are likely to encounter a web-based threat on their device each year.
It seems an estimated half million to one million people were affected by Android malware in the first half of 2011. That is a depressingly large number.
The number of Android apps infected with malware went from 80 in January to a cumulative total of over 400 in June 2011, says the Lookout study.
The open distributed application model for Android, where users can download Apps (that may not even be vetted by anyone) from multiple sources, is a key reason for the greater security issues on this mobile platform. In contrast, Apple exercises tighter control on its application download process with its single source plus a vetting process for each app.
Malware writers are also said to be using new distribution techniques, such as malvertising, drive-by downloads and upgrade attacks.
In an unsurprising conclusion, the Lookout report discloses that both web-based and app-based threats are increasing in prevalence and sophistication.
Now you know why we use Apple’s iOS mobile devices like iPhone and iPad. 😉
Lookout Mobile Threat Report
Are you by any chance trying to console yourself for having iPhone instead of Android mobile?
It is a known fact that Android is reaching almost 50% market share in smart phones and has become a major threat for the likes of Apple, Symbian and the already non-existent Windows CE.
The malware increase is not just because of a security hole but also shows the popularity.
The same reason why there are so many viruses/malware/trojans etc for Windows desktop OS as compared to Linux and Mac. No matter what the Linux guys say, Windows still has more than 90% market share in desktops.
Unless some OS is so popular, why would someone spend time & energy to write malware for it?
So whether you like it or not, Android is zooming and it is really worth it!!
1. You write: Are you by any chance trying to console yourself for having iPhone instead of Android mobile?
For the most part, we’re happy with the iPhone.
2. You killed yourself with your Windows/Linux analogy.
It’s no secret that MSFT has put out some of the buggiest products in history and still it’s popular. Why? Because it’s cheap trash. Plus, most humans can’t distinguish between a Picasso/M.F.Hussain and their three-year-old child’s scribbling. The concept of discerning fine quality (and being able to afford it) is given to few.
Just as a Trisha is not the same as an Aishwarya Rai, all software is not created equal. 😉
With Linux, the principal issue with consumers is the UI and lack of drivers for a lot of add-ons.
3. You write: Unless some OS is so much popular why would someone spend time & energy to write malware for it?
You’re missing the point. No one’s talking about Android’s popularity. It’s the process of getting the apps on to Android phones that increases its vulnerability to Malware.
Google took the cheap way out and Android users are paying the price for it.
With humans, any freedom is quickly liable to misuse unless there are strong checks and balances. This applies to getting apps on to phones as much as it does to governments. There has to be a central vetting process for the Android apps.
Isn’t Microsoft’s flagship, the Windows OS much more expensive than any of its main competitors? The base version of Windows 7 retails for $99.99, which is more than thrice the cost of Lion. Of course, most flavours of Linux are free. I believe even an OEM version of Windows that laptop manufacturers get is around the $30 range (an unverified figure, so I stand every chance of being wrong). Rather than using the adjective “cheap” for Microsoft itself, I guess a more accurate statement would be that a combination of MS and non-Apple hardware is cheap, for the key point of difference is the cost of Apple Hardware. In fact, at retail outlets Linux-based laptops sell for less than MS-based ones (which sell for less than Macs).
The statement that malware doesn’t exist for Linux/Unix-based software (or that people go easy on these OSes because of low uptake) is a myth. Most malware programs today are written targeting browsers or web programming loopholes. The most widely used web-server combination in the world today is LAMP: Linux + Apache + MySQL + PHP. Some variants use MAMP (Mac + the others) and some are based on a Windows stack with PHP. Individually Linux, Apache, MySQL, PHP and Mac are pretty secure, but what is screwy is the kind of PHP code that developers put out there. This compromises the server that the code is being run on, infecting an installation. There are several thousands of Linux installations that have been infected due to this kind of a flaw without the owners even being aware of it.
For example when you use WordPress, a lot of the premium themes in the marketplace rely on a script called TimThumb for image resizing. Recently there was an article on a major security hole in TimThumb, that a hacker could exploit and place a nasty script on your server. Some such scripts like the sneakily brilliant C99MadShell can give the hacker complete control of your machine. The hacker could then add another script that sniffs out passwords, inserts ads for the little blue pill across your site and so on.
So who do you blame here? Do you blame TimThumb or the themes that use it? Even themes that you pay a hefty $164 for are guilty of using this script, so you can’t really accuse the end-user of being cheap and cutting corners. The problem is that the ecosystem today is very complicated and there are several points where things could break down. Just consider the example above, where if you detected a hack, to choke a throat you will have to look at Linux/Mac/Windows, Apache/IIS, PHP, WordPress, TimThumb or the theme. Even if each individual point is controlled very tightly, and even if every program requests specific permissions, a poorly coded PHP file (or ASP or JSP file) could easily be exploited to bypass the permissions and open the doors of your servers to uninvited visitors.
Even the iOS ecosystem has its own loopholes. E.g. on two different occasions I have received bills quoting some third-party services on my iPhone bill, while I never requested any of those. What happened is that while my 5-year-old son was playing some games on the iPhone, he was shown some ads. He clicked on those ads by accident, which sent out my phone number to the ad-makers and they started sending me text messages, then billed me for using their service. This wasn’t a bill from the iTunes store mind you, which is controlled enough to ask me for a password if I want to make a purchase. Rather, this was a bill from an advertiser passed on to my phone company, because the advertiser was able to pull my phone number by dint of advertising through an iPhone app. I guess my son could be considered guilty for clicking an ad, but isn’t it Apple’s fault for not clamping down on ads that can retrieve my phone number just like that? What good is the controlled nature of iOS if such things slip through?
1. You write: Isn’t Microsoft’s flagship, the Windows OS much more expensive than any of its main competitors? The base version of Windows 7 retails for $99.99, which is more than thrice the cost of Lion.
Since only a microscopically small number buy Windows OS at retail, that’s not a very germane point to the discussion.
When laptops & PCs are selling from $299-$349, the Windows OS could cost the OEM $30 or less. That makes Windows cheap and as for the trash part in a previous comment-response it’s no secret that historically Windows has been open to more exploits than other software.
2. You write: I guess a more accurate statement would be that a combination of MS and non-Apple hardware is cheap, for the key point of difference is the cost of Apple Hardware.
The former part of your above sentence is obviously true but the latter doesn’t make sense because with Mac you just can’t uncouple the hardware and OS.
You just can’t buy some off-the-shelf hardware and install Mac OS X Lion or the older Snow Leopard. Nor can you buy Apple hardware minus the software. Yes, there’s always a one in a billion hobbyist who does it. But we’re talking mainstream users.
With Mac, we’d say you’re paying for the total experience (hardware, software, ease of use, and even aesthetics).
Commoditization has its virtues (lower prices) and its flaws (quality, innovation and durability often take a beating). With Apple, the absence of commoditization and tight control of both Hardware and software has worked on the quality/innovation front but its pricing has made it unaffordable to a lot of people. Even after Mac’s recent resurgence, we doubt it’s got more than 5-7% of the global consumer PC market.
3. As for the billing surprise because of your son’s inadvertent clicking an ad on an iPhone game, thank God for NKNP (No-Kids, No-Pets). 😉
Sending your phone number to those guys is definitely a no-no.
Seriously, it’s not something we hear often of vis-a-vis Apple products. If you can identify the errant game, you might want to send a note to Apple directly or via the AppStore reviews of the game.
One problem with Microsoft is – first we’re made to get excited about an upcoming product of theirs, we expect a roar, but it comes out and meows. We live with it and its loopholes for some time, and when we’re sorta ok with it, they’ll release the next version of the product with great features and greater loopholes!!
Microsoft’s policy often is – ‘We’ll fight error with error’. 😉 (Borrowing from avatar’s fighting terror with terror)
But then, who cares! Hey, I’m a Microsoft guy for now!
You write: hey, I’m a Microsoft guy for now!
You and just 4.9 billion other sheep.
Actually I also had folks who are upgrading in mind – that number is not small (it is probably higher than the total number of Mac users), and even upgrade versions of Windows cost a lot.
I don’t believe ads are an integral part of an app in iOS. Rather, the ad is selected based on match criteria that is determined by the iOS ecosystem. So basically an app developer doesn’t build out an app with ads.
On an unrelated note: http://www.g4tv.com/attackoftheshow/blog/post/715165/the-dark-knight-rises-reveals-anne-hathaway-as-catwoman/. If that is not a stunt double, Anne Hathaway looks delectable.
1. You write: I don’t believe ads are an integral part of an app in iOS. Rather, the ad is selected based on match criteria that is determined by the iOS ecosystem. So basically an app developer doesn’t build out an app with ads.
Integral to the iOS or not, ads are becoming part of the iOS ecosystem. Particularly on the Free Apps. We see ads on apps like Flixster, Desi Radio and more.
Given the unwillingness of people to pay for apps, an increasing number of app developers are compelled to thrust ads into the face of users.
Plus with both Apple & Google pushing ads on mobile devices, we’re likely to see more ads on apps running on iPhone, Android and what-not.
2. You write: Anne Hathaway looks delectable.
Well, the sight of a pretty White woman in tight-fitting Black clothes on a snazzy Batpod is enough to stir the loins of even hardened ascetics like Vishwamitras.
That said, Anne Hathaway is a fine actress. Impossible to forget her stellar performance in Devil Wears Prada where she was pitted against the formidable Meryl Streep.
Any Android application, malware or otherwise, requests specific permissions at the time of installation, unlike iOS. For example, a phone dialer app will request permission to dial phone numbers.
Users can easily opt out from installing applications with suspicious permissions. A malware app disguised as a wallpaper app may, for example, request permission to read contact data. That should raise a red flag. If users are dumb enough to install such apps, then they deserve to be infected.
Or they can just stick to the Android / Amazon official app stores, or just trusted sources for apps, if they want to be safe while being dumb!
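The red-flag check described in the comment above, as an added example that is not part of the original thread: it reads a manifest that has already been decoded to text (inside an APK it is stored as binary XML) and lists the requested permissions that fall outside what the app's stated purpose needs. The sample manifest, the `EXPECTED` table and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# XML namespace used for android:* attributes in AndroidManifest.xml.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Assumption: a reviewer-maintained allow-list per app purpose (not an Android API).
EXPECTED = {
    "wallpaper": {"android.permission.SET_WALLPAPER",
                  "android.permission.INTERNET"},
    "dialer": {"android.permission.CALL_PHONE",
               "android.permission.READ_CONTACTS"},
}

# Constructed sample: a "wallpaper" app that also asks for contacts and SMS.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.wallpapers">
    <uses-permission android:name="android.permission.SET_WALLPAPER"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission-sdk-23 android:name="android.permission.SEND_SMS"/>
    <uses-permission/>
</manifest>
""".strip()


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in PERMISSION_TAGS:
        for elem in root.iter(tag):
            # The name lives in the namespaced android:name attribute.
            name = elem.get(f"{{{ANDROID_NS}}}name")
            if name:  # skip malformed entries with no name
                names.add(name.strip())
    return names


def unexpected_permissions(manifest_xml, purpose):
    """Permissions requested beyond what the stated purpose should need."""
    if purpose not in EXPECTED:
        raise ValueError(f"no permission profile for purpose {purpose!r}")
    return sorted(requested_permissions(manifest_xml) - EXPECTED[purpose])


if __name__ == "__main__":
    for perm in unexpected_permissions(SAMPLE_MANIFEST, "wallpaper"):
        print("review before installing:", perm)
```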
The absence of a formal vetting process for Android apps except in the Amazon marketplace and Verizon V CAST is a serious issue.
Humans being what they are will look for apps wherever available if they can’t find them on Amazon or Verizon.