Think sticking to the Google Play store for downloading your apps will keep you safe from Android malware? Think again. The official app store of Android may be a pretty viable source of security issues it seems.
F-Secure Releases Malware Report: 79 Percent Targets Andriod
On Thursday, Android got a low blow to the belt as F-Secure, a security firm in Finland, released a report stating that 79 percent of all malware in mobile devices in 2012 was found specifically on Android devices. Just adding a little salt to the wound it seems Apple's Senior Vice President of Marketing, Phil Schiller, also decided to take this moment to get a little jab in at the mobile platform competitor issuing a rare tweet saying "Be safe out there" with the F-Secure report link attached.
While many new sources were reporting on F-Secure's recent study, some questioned the author's reasons for publishing the report, even suggesting that the entire thing was simply part of an agenda to sell more security products.
Here is what one writer had to say on the issue:
"It is worth pointing out that the author of this report, F-Secure, sells mobile security products and certainly has an agenda. It wants consumers and businesses to adopt its mobile security and protection products. It is also worth mentioning that in 10 years as a smartphone owner, I've never once experienced, witnessed or even heard of a malware problem affecting anyone. Is there a threat? Sure, but it isn't all that significant, in my opinion ... "
The author then goes on to offer this advice to his readers:
"Here's a pro tip to avoid malware: Don't click on random SMS messages that show up from unknown sources, and only download apps from the Google Play Store (or your official mobile app store)."
Of course when I read this I had to smile because the day before Brian Krebs, of Krebs on Security, posted an article, which was almost in direct opposition to this advice concerning the Android Google Play store.
Malware Creators Pay $100 For Google Play Accounts
According to Krebs, the explosion in Android malware, which ballooned to encompass 96 percent of all mobile malware in the fourth quarter of 2012, is due in part to the fact that there is a large market for access to "active" Google Play accounts. It seems that if a given Google Android developer has an active Google Play developer account they would like to sell off, virus and malware writers are willing to offer four times what Google will give developers for those excess accounts. By purchasing these accounts, those who create malware are more easily able to spread their malicious content by disguising it as legitimate Google Play store Android apps.
According to Brian Krebs, if you go into the deep "underweb" a world of cyercrimals and security attackers, there is a forum he recently came across where an Android malware developer was "actively buying up verified developer accounts at Google Play for $100 apiece. Google charges just $25 for Android developers who wish to sell their applications through the Google Play marketplace, but it also requires the accounts to be approved and tied to a specific domain. The buyer in this case is offering $100 for sellers willing to part with an active, verified Play account that is tied to a dedicated server ... "
If this is not unsettling enough, Krebs goes on to add this piece of information:
"Unsurprisingly, this particular entrepreneur also sells an Android SMS malware package that targets customers of Citibank, HSBC and ING, as well as 66 other financial institutions in Australia, France, India, Italy, Germany, New Zealand, Singapore, Spain, Switzerland and Turkey (the complete list is here). The targeted banks offer text messages as a form of multi-factor authentication, and this bot is designed to intercept all incoming SMS messages on infected Android phones."
Really makes you want to go out and buy an Android, right?
iOS Is The Most Secure Platform on The Market: Why I'm Still a Fanboy
For those interested in security issues, I would recommend reading the rest of Krebs's excellent article, but in reading it, I for one certainly felt glad to know the device I'm carrying bears an Apple logo and not a green robot.
As Krebs so adeptly noted, you can
"Say what you will about Apple's "closed" or "vetted" iTunes store for iPhone apps, but it seems to do a comparatively stupendous job of keeping out malicious apps ... "
And indeed it does as malware has been growing by leaps and bounds in direct relation to the growth of the mobile market in general.
In looking a the figures presented by F-Secure, other major platforms including like Apple's iOS, BlackBerry, and the Windows Phone each made up less than one percent of mobile phone malware infections.
While this makes sense for mobile minorities like BlackBerry and Windows Phone, it's a pretty amazing feat to have such a low instance of malware in such a widely used platform as iOS.
Being a member of the jailbreak community, I am certainly are aware of just how secure Apple's system has become as it took nearly 5 months for an iOS 6 jailbreak to emerge. Though Apple certainly could do with coming up with some new ways in iOS 7 to enhance user experience and customization options, I for one today am very thankful for the security of Apple's system, and their commitment to protecting my data and information.
For More Security Stories See Also: