Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

With 97% of Malware Aimed at Android, Can an Android Device Be as Safe as an iPhone for Example? App-solutely.

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

Two figures leap out of just about every survey on smartphones. Globally, Android has 87 percent of the market and 97 percent of the malware.

In 2012 there were 238 threats to Android. That jumped to 804 in 2013. And, over that same timeframe, threats to Apple iOS, BlackBerry OS and Microsoft Windows Phone were a goose egg, nil, zero, nada, none. These figures come from a piece on, which explains that the 3 percent of malware that didn’t go to Android went to Nokia’s now defunct Symbian platform.

So, if you want to be safe, get ABA (Anything But Android), right? Not so fast says Gordon Kelly in his piece:

Let’s be clear. From a statistical viewpoint researcher and security specialist F-Secure got them right. Android does account for 97% of all mobile malware, but it comes from small, unregulated third party app* stores predominantly in the Middle East and Asia. By contrast the percentage of apps carrying malware on Google’s official Play Store was found to be just 0.1% and F-Secure acknowledges rigorous checks mean “malware encountered there tends to have a short shelf life.”

If you want to stay safe on Android [here’s] the solution: stick to buying apps on the Play Store and every one in 1000 apps you buy may have had malware for a brief period.

Strangely F-Secure didn’t reveal figures for Amazon’s Apps for Android store, but other third party Android stores didn’t fare so well. Mumayi, AnZhi, Baidu, eoeMarket and liqucn were found to have 6%, 5%, 8%, 7% and 8% malware penetration respectively and an appalling 33% of apps were infected in Android159. Repacked or faked games were the big target and since it isn’t difficult to taint an app with malware the message is simple: steer clear of third party app stores that don’t have the resources to effectively scan and police their libraries.

Despite these figures, F-Secure … stressed each new version “has included a number of security-related changes that help mitigate the effects of malware. “ Consequently rather than laying the blame at Google’s feet, it stressed the real problem was fragmentation caused by hardware manufacturers failing to update their devices to the latest version of Android.

But Google doesn’t get off scot-free. Google lags a long way behind Apple when making its app store available around the world. The most notable omission is China, where Apple has made significant progress in recent years.

Furthermore, while Google Play users in most countries can now purchase apps, the countries where developers can sell apps remains hopelessly restrictive. For example there is no developer support in Africa and only Argentinian and Brazilian developers can sell apps through the Play Store in South America.

It is worse when it comes to media content with only Australia, Japan, the UK and US currently able to buy TV shows while music purchases only expand that list within European countries. As such the countries where customers and developers are most likely to be attracted by the cheap prices of budget Android handsets are the least well served.

Which leaves us with the all too familiar scenario that Android’s malware problem isn’t as black and white as many would have you believe. The truth is it is easy to stay safe on Android. The problem is that sentence relies on where you live.

One nagging question remains. Does Kelly himself use an Android smartphone? We guess that must depend on where he lives.

By ThreatMetrix Posted