Smartphone manufacturers, app developers and consumers love Android’s open ecosystem
However that popularity comes at a price, with more and more malware targeting the platform
MORE than one billion Android devices have been activated throughout the world, according to a post on Google+ by Google Inc senior vice president Sundar Pichai.
The Android platform has overtaken the iOS mobile market in many countries including Malaysia, based on a recent poll conducted by Trend Micro Malaysia.
It is of no surprise as the open ecosystem is what smartphone manufacturers, app developers and consumers love, but this comes with a price, Trend Micro said in a statement.
The open platform exposes users to become easier target for cybercriminals – 63% of the respondents who took part in the recent poll on the Trend Micro Malaysia Facebook page are Android users but only 19% installed additional mobile security.
Both the iOS and the Android platforms have built-in capabilities to resist web-based attacks such as traditional access controls, permission-based access control and limiting hardware access.
However, both platforms also have security weaknesses, according to a recent post by application security company Veracode. Furthermore, in Trend Micro’s Q2 Security Roundup for the year, more than 700,000 malicious and risky apps were already found in the wild.
“Due to the continuous popularity of the Android platform among users, Trend Micro had earlier predicted that 2013 would be the year that mobile threats, specifically malware and high-risk apps, would reach the one-million mark,” said Goh Chee Hoh (pic), managing director of Trend Micro Inc’s South-East Asian operations.
“With three months left to spare before the year ends, our prediction has already came true – our Mobile App Reputation data indicates that there are now one million mobile malware (such as premium service abusers) and high-risk apps (apps that aggressively serve ads that lead to dubious sites).
“Among the one million questionable apps we found, 75% perform outright malicious routines, while 25% exhibit dubious routines, which include adware,” Goh added.
Top 3 threats
Although Google is taking steps to keep the Android system secure using known features like the Bouncer service or automated scanning, sandboxing, permissions system, and remote malware removal, Android malware continue to rise alongside the growing market for Android devices.
Here are the top three threats that Android users may face:
1) Premium service abusers
Cybercriminals are using all kinds of tricks to get users to download malicious apps including creating fake versions of Skype, Instagram, Angry Birds Space and other legitimate apps which will then send unauthorised text messages to certain numbers and register users to costly services.
Trojans are deployed to hijack a handset enrolled in premium service contracts, allowing the dispatcher to remotely access the same services that are paid for by the owner of the infected device.
2) Rootkits or data mining
The ‘Master Key’ Android vulnerability allows cybercriminals to replace legitimate apps with malicious copies that release rootkits deep inside a phone's system with one programmed task – to record sensitive data such as key strokes, passwords and locations.
Mobile phishing sites are another method of tricking users into divulging personal information.
3) Fake URLs
With the prevalence of shortened URLs shared via the various social networks, users are tricked into visiting sites that are compromised, allowing for a virus to be planted on their devices that will steal information and breach user privacy.
Keeping with the times
The rising popularity of smart devices is a growing concern as threats against mobile devices are catching up with their desktop counterparts in terms of severity. With high-profile incidents like the mobile phishing pages with fake WhatsApp notification serving a multiplatform threat, the Master Key vulnerability, and not to mention the growing number of online banking transactions via mobile devices, here are a few additional security steps that users can take:
Use your smartphone’s built-in security features: Keep your smartphone safe from abuse and/ or misuse by properly configuring your location and security settings.
Avoid free but unsecured WiFi access: Accessing the Web via an open network may be convenient and free but it also allows anyone to access your phone.
Scrutinise every app you download regardless of source: ‘Trojanised’ apps also find their way to official app stores so users would still be encouraged to closely scrutinise apps they download.
Understand the permissions you are allowing before accepting them: Be careful about granting access to personal and/ or device information or letting apps do other unnecessary actions in order to work.
Invest in an effective mobile security app: Being wary when downloading and installing apps isn’t enough; to stay protected anywhere and anytime, users should consider investing in a mobile security app to effectively defend their device against the latest mobile threats.
Android ‘Master Key’ vulnerability affects 99% of devices
Security top concern in age of mobility: Trend Micro
Mobile and Android malware threats continue to rise
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.