According to research conducted by Juniper Networks, Google’s Android mobile operating system exploded in malware in just the past few months. In fact, Android saw an increase by 472% in malware since July of 2011. And it seems that Google is doing nothing about it, yet.
“We’re seeing a mix of the traditional hacking community [working] on malware very similar to organized efforts on the PC side, as well as people who are just a little smart, the ’15-year-old kid crowd,’ who are able to hide some malicious content in an app. We’ve seen an exponential growth in Android malware over the last several months,” Juniper’s Chief Mobile Security Analyst Dan Hoffman stated in an interview.
According to Juniper, the problem lies with Google not controlling what apps can be installed on an Android mobile device. Google doesn’t police what apps are on the Android Market and doesn’t restrict all apps to its own distribution channel. Unlike Google, Apple code-signs its iOS apps and makes third-party app download centers possible. On top of that, Apple screens all apps that are submitted. “Android’s open applications store model, which the lacks code signing and an application review process that Apple requires, makes it easy for attackers to distribute their malware.” Hoffman argues.
Most of the malicious apps are pirated versions of legit apps and are hosted on alternate download sites located in Asia or even in the Android Market.
Three different waves of malware hit the Android Market back in March, June, and July of this year and an unknown number of users downloaded the malicious apps unknowingly.
“No matter what policies an app store may have, the real way is to protect a device is to protect it with security software,” Hoffman added. “You have to protect your mobile devices just like you protect your PCs.”Further reading: Android, Google, Security