The stories show up in dribs and drabs. They explain in simple, yet frightening terms the terrible, catastrophic conundrum Android users find themselves in. There is malware designed to exploit users as there always had been, but now it’s after Android devices. Surely, if these doom and gloom reports are accurate the sky must be falling, and it is landing primarily on Android. But when one looks beyond the skewed data and big, scary numbers, the reality is much less daunting.
It has long been known that Android’s more open platform is technically more exploitable than a closed one, like iOS. According to Juniper Networks, the bad guys are taking note of this in a big way. Juniper claims that Android malware has exploded 472% since July of this year. With a number like that, things must be positively falling apart in the Android Market, right?
What the report cleverly dances around, is that the numbers cited include all malware signatures detected across the entire internet, not just those in the Android Market. It even counts variations of existing threats as new incidents, which also serves to inflate the number. A large proportion of Android malware is found in online “ware ” forums where users trade pirated apps. Many more are found in legitimate third-party application repositories hosted in other countries.
While the Android Market allows anyone to upload apps, Google actually does police it fairly well. Apps that exhibit suspicious behavior are pulled very quickly, and the company can even remove malware remotely if it has to. That makes the unregulated forums and unofficial application stores better hunting grounds for scammers and attackers.
The Juniper report is not even a unique document; the well-known antivirus company McAfee recently issued a similar statement claiming that there was a significant (though much less eye-popping) increase in Android malware of 37% since last quarter. The vastly different conclusions these two reports come to should be a clue that things are not necessarily what they seem.
It’s not really about offering an accurate measurement of threats, but about scaring users and getting attention. Googler Chris DiBona said as much in a recent Google+ post where he railed against security firms using inflammatory language to warn of Android viruses and malware. DiBona reminds us that the sandboxed mobile platforms, such as Android and iOS, are not as vulnerable as the old-fashioned desktop systems are. Things like drive-by downloads just can’t happen on Android.
It’s that desktop paranoia that security firms are relying on; the idea that the phone is vulnerable just browsing the web. Instead, because most Android malware is on the open internet, it is incredibly hard to get infected. Users that want to install more risky downloaded application packages have to jump through a not insignificant number of hoops to do it.
Apps manually downloaded from the internet require that the user first set the device to allow unknown app sources, which is down in a sub-menu that most people never see. Then the malicious APK file has to be downloaded. When the package is on the device, a user has to find the file and launch it. Android pulls up an installation dialog that lists the permissions requested by the app, and only then is the user allowed to install it. For the overwhelming majority of sketchy Android apps, the user has to go far out of the way to get infected.
Especially when looking at a company like McAfee, which sells antivirus, users should remember to be skeptical. The firms producing these reports are counting on people to be gobsmacked by multi-hundred percent increases, and millions of new malware signatures. The reality is that mobile operating systems are much safer than most analysts would have us believe.
Reports of exponential Android malware growth greatly exaggerated to freak you out
0 comments:
Post a Comment