richi

Exponential rise in Android malware? Not really.

by Administrator ‎21-11-2011 04:41 AM - edited ‎21-11-2011 04:46 AM

According to curiously-anonymous researchers at Juniper Networks, there's been a "472% increase in Android malware samples since July 2011." Seriously? Can that really be true? And even if it is, what does it mean?

The report implies that the rise in malware was measured on Google's Android Market. However, that's not actually the case. As Gregg Keizer points out, the vast majority of these malicious apps can be found at the "scores of alternate...Chinese app stores."

These shady locations are where we saw previous infestations of Symbian and Windows Mobile malware. Back in the day, these also caused loud proclamations of concern. However, those worries were full of sound and fury, signifying nothing.

So, does this mean that average Android users are four or five times more likely to infect their phones than they were a few months ago? No.

The average Android user doesn't seek out apps from shady, no-name app stores. Neither do they delve into scarily-named settings menus, uncheck the box that restricts their phone to the Android Market, and ignore the dire warning that then gets displayed.

Basically, this statistic is, if not a damn lie, then at least extremely carefully worded to imply that the Android Market is riddled with malware, while not actually saying so.

By the way, it's incorrect to say that the Android Market "lacks...an application review process." As I said last week, if you seriously think Google runs the Store as a laissez-faire, care-free operation, I have a delightful bridge to sell you.

It's also meaningless to say the Android Market "lacks code signing." A signature doesn't protect you from malware, it simply gives you a measure of assurance in who published the code. Nobody--for suitably small values of "nobody"--checks application signatures before downloading an app. It's basically meaningless.

This is a large ball of FUD. It's just the latest scare by an Android AV vendor to separate you from your money. Don't be fooled.
  

Richi Jennings is an independent analyst, specializing in blogging, email, spam, security, and other technology topics. His writing has won American Society of Business Publication Editors and Jesse H. Neal awards. You can encircle him at +richi, follow him as @richi on Twitter, pretend to be his friend at Facebook.com/richij or just use boring old email: io@richij.com.

Article Options
Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
 

The HP Input Output site is sponsored by HP and features articles and content from HP and third-party contributors. Third-party articles and content, while paid for by HP, do not necessarily represent the views and opinions of HP. HP does not endorse this content and is not responsible for its accuracy, availability and quality.

Follow Us
Spotlight
"It's Not My Job" - Handling the Vendor Finger-Pointing Trap Is Teamwork Dead? A Post-Agile Prognosis Improving Your Personal Brand with Social Networking 5 Types of Meetings Every Business Must Explore
┼ Based on energy, paper and toner savings from regular printer usage. Results may vary.