Android devices: Popular with users…and cybercriminals

People often ask me, “Is mobile malware really that big of a problem?”

After just publishing the Kindsight Security Labs Malware Report for the third quarter of 2013, I can tell you 0.6 percent of mobile devices are infected in a typical mobile network.

That may not sound like much, and compared to the residential infection rate of 10 percent, it is small. But mobile network infections have grown 20 percent in 2013.

Q3 Mobile Device Infection Rates (Source: Alcatel-Lucent Kindsight Security Labs)

Some of the rise can be attributed to the introduction of 4G LTE networks, but it’s not related to security flaws in the network technology itself. LTE networks are built on the well-tested, stable and secure IMS platform. The data shows that LTE device infection has much more to do with their owners’ data usage and browsing habits. Simply put, LTE users are more likely to get infected because they use the Internet more.

The strongest indicator for infection is the operating system of the device. Android™ phones account for about 60% of all infected mobile devices. Infections on iPhone® devices and BlackBerry® devices make up less than 1 percent. The remaining 40 percent of mobile infections are attributed to Windows laptops tethered to the mobile network.

Why are Android devices such attractive targets for malware? One reason is their popularity. Recently Android devices surpassed Apple devices in market share. And with billions of devices running on the Google operating system, cybercriminals can easily hit a lot of Android users with a malware.

Android devices are also more susceptible to malware because the Android app market is not strictly controlled. iPhone users can only download apps from the Apple® Store. Microsoft only allows Windows phone users to download software from its Windows® Store. By contrast, Android users can install software from a variety of locations, not just the Google Play™ Store. And while legitimate Android storefronts abound, not all are successful in screening out bad applications.

Even Google Play has its vulnerabilities. Symantec reported last month that it found some 2,500 scam apps in Google’s storefront that were posted between the beginning of the year and the end of August.

As a result, Android devices are more exposed to malware threats. They can be compromised by hijacked, trojanized apps offered through third party app stores, or even Google Play. Highjacking popular Android apps for the purpose of infecting devices is easy to do. Hackers can inject malware into just about any Android app, repackage it and sign it for distribution using a self-signed certificate. Unsuspecting Android device owners infect their phones by simply downloading the app. It makes it all the more important for Android users to pay close attention to app permissions when installing or updating apps.

Once devices become infected, hackers can gain access to, even take control of, the devices to steal personal information, commit corporate espionage and launch fraudulent banking and advertising scams. Worse yet is people often have no idea their devices have become infected. They frequently haven’t taken the appropriate security precautions for their devices, and even then a malicious app can easily evade detection by device-based anti-virus.

Service providers and their mobile networks are actually part of the solution as network-based malware detection is the best defense against infection. Operators should be using their networks to provide value-added malware security services to subscribers. By leveraging the network to detect infections and pinpoint which devices are at risk, they can immediately notify subscribers who’ve become victims and provide instructions on how to eliminate the malware threat.

That’s a win-win for everyone except the cybercriminal.