With 97% of Malware Aimed at Android, Can an Android Device Be as Safe as an iPhone for Example? App-solutely.

Posted on March 31st, 2014 by Dan Rampe

Malware

Two figures leap out of just about every survey on smartphones. Globally, Android has 87 percent of the market and 97 percent of the malware.

In 2012 there were 238 threats to Android. That jumped to 804 in 2013. And, over that same timeframe, threats to Apple iOS, BlackBerry OS and Microsoft Windows Phone were a goose egg, nil, zero, nada, none. These figures come from a piece on Forbes.com, which explains that the 3 percent of malware that didn’t go to Android went to Nokia’s now defunct Symbian platform.

So, if you want to be safe, get ABA (Anything But Android), right? Not so fast says Gordon Kelly in his Forbes.com piece:

Let’s be clear. From a statistical viewpoint researcher and security specialist F-Secure got them right. Android does account for 97% of all mobile malware, but it comes from small, unregulated third party app* stores predominantly in the Middle East and Asia. By contrast the percentage of apps carrying malware on Google’s official Play Store was found to be just 0.1% and F-Secure acknowledges rigorous checks mean “malware encountered there tends to have a short shelf life.”

If you want to stay safe on Android [here’s] the solution: stick to buying apps on the Play Store and every one in 1000 apps you buy may have had malware for a brief period.

Strangely F-Secure didn’t reveal figures for Amazon’s Apps for Android store, but other third party Android stores didn’t fare so well. Mumayi, AnZhi, Baidu, eoeMarket and liqucn were found to have 6%, 5%, 8%, 7% and 8% malware penetration respectively and an appalling 33% of apps were infected in Android159. Repacked or faked games were the big target and since it isn’t difficult to taint an app with malware the message is simple: steer clear of third party app stores that don’t have the resources to effectively scan and police their libraries.

Despite these figures, F-Secure … stressed each new version “has included a number of security-related changes that help mitigate the effects of malware. “ Consequently rather than laying the blame at Google’s feet, it stressed the real problem was fragmentation caused by hardware manufacturers failing to update their devices to the latest version of Android.

But Google doesn’t get off scot-free. Google lags a long way behind Apple when making its app store available around the world. The most notable omission is China, where Apple has made significant progress in recent years.

Furthermore, while Google Play users in most countries can now purchase apps, the countries where developers can sell apps remains hopelessly restrictive. For example there is no developer support in Africa and only Argentinian and Brazilian developers can sell apps through the Play Store in South America.

It is worse when it comes to media content with only Australia, Japan, the UK and US currently able to buy TV shows while music purchases only expand that list within European countries. As such the countries where customers and developers are most likely to be attracted by the cheap prices of budget Android handsets are the least well served.

Which leaves us with the all too familiar scenario that Android’s malware problem isn’t as black and white as many would have you believe. The truth is it is easy to stay safe on Android. The problem is that sentence relies on where you live.

One nagging question remains. Does Kelly himself use an Android smartphone? We guess that must depend on where he lives.

ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix™ Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.

For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.