Android Malware on the Rise
If you own an Android smartphone, you’re more than twice as likely to encounter malware today than you were six months ago. This according to the latest Mobile Threat Report from Lookout Mobile Security, which estimates that half a million people were affected by Android malware in the first half of 2011.
Lookout’s analysis of data collected from more than 700,000 apps and 10 million devices worldwide reveals a significant increase in mobile malware since January, and while some of it was geared toward devices running Apple’s iOS, much was intended for Android. There were 80 Android apps infected with malware in January. By June, there were 400.
“Currently, malware and spyware have primarily targeted Android devices, though there are commercial spyware applications available for jailbroken iOS devices,” Lookout explains in its report. “According to our data, in June of 2011 Android users were two and a half times more likely to encounter malware than just six months ago.”
The reasons for this are well known. iOS apps are curated by Apple via a manual review process that hews closely to some very strict security guidelines. Apps in Google’s Android Market do not undergo the same rigorous review process. And while that might allow Android developers to update their apps more quickly, it also makes it easier for miscreants to distribute malware, or to update or repackage legitimate apps with malicious successors. Earlier this year, for example, a piece of malware dubbed DroidDreamLight infiltrated some 34 apps in the Android Market.
But if iPhone users are largely unaffected by malware, they’re not entirely immune to it — particularly if they’ve jailbroken their devices to run apps not sanctioned by Apple. Lookout charted a troubling spike in Web-based threats in the first half of 2011. These are cross-platform and thus of concern to Android and iOS users alike.
“In the past year, iOS has seen multiple web-based exploits in the wild that allow an attacker to run code as root if a user simply visits a web page,” Lookout said in its report. “These exploits first take advantage of a browser vulnerability to run code as the browser process, then take advantage of a local privilege escalation vulnerability to run code as root. Thankfully, we haven’t seen evidence of these exploits being used maliciously: they were primarily used to allow users to jailbreak their devices.”