Separating Fact From Hype On Mobile Malware

wiredmikey writes with this quote from an article about determining whether the recent doom-and-gloom reports about malware on mobile devices are justified: "As twilight approaches for 2011, security vendors have set their gaze on the rise of Android malware during the year and what is ahead. Last week, Juniper Networks entered the fray, declaring the number of malware samples it observed targeting devices running Google Android had shot up nearly 500 percent since July. Today, McAfee released its threats report for the third quarter of the year, which found that the amount of malware targeting Android devices jumped 37 percent since the second quarter. While there is no doubt the amount of malicious programs with Windows in their bull's eye dwarfs the amount of threats to mobile devices, the focus on Android malware have left some wondering how to separate fact from hype."

Allow users to set permissions?

Other than CM, where one can set permissions of apps, the only real way to limit app permissions is with use of DroidWall.

This way, if a game wants the whole world for perms, it might get the ability to call home for high scores, but that is it.

Re:Allow users to set permissions?

[DJRumpy]

What I find ironic is that the blogger under the "separate fact from hype" talks only about viruses, which as far as I know are pretty much non-existent in the mobile market, he ignores the fact that most of these stories are about malware ranging from various 'texting' apps that run up bills, those that dial 900 numbers, those that steal info ranging from contacts to key loggers, etc. None of these are viruses, but dangerous regardless.

Also while I don't doubt the explosion of 'malware', I also take it with a grain of salt that the numbers might be so small now that any increases will make a trend look huge, at least initially. That doesn't mean that the Android market doesn't have a problem. I think people tend to be more lax on smartphones than they are on computers since they are relatively new. A little caution and more proactive action from Google would be a smart move.

Just sayin'...

Why the emphasis on percentages?

[DeadCatX2]

500% this, 37% that...

One of the first tricks they teach you in "how to lie with numbers" is to use percentages to inflate otherwise small numbers.

If they want to pimp a percentage, I would love to ask them...what percentage of the Android market share is infected? Somehow I think they wouldn't want to share that number, because all the 0's to the right of the decimal point may call into question exactly how much that very same company's products and services are needed.

Re:FUD?

[tlhIngan]

You could say the same thing for the Internet: don't download random stuff, research it and ensure it is safe. Hell that could apply to almost any activity like going to a restaurant: make sure that the kitchen is clean and that they buy safe ingredients.

The problem is that no one actually does either of those checks.

Well, it's called Dancing Pigs. A user is confronted with a scary looking permissions list with "install" and "cancel". User wants to play this kewl game they were shown. User taps Install. It'll happen often enough to matter.

And it also applies if said app costs money and they can get it for free - people will pirate apps. And just like on the desktop world - pirated apps can contain all sorts of wrappers that install malware.

I suppose the only interesting thing about Android is why malware uathors haven't bothered taking paid apps, adding their own crap to it, and then releasing it "for free" to show up on searches as a full version of app for free. (I've seen ebooks that did this - they take some Harry Potter epub and package it with a reader (pirated?) and release it as one app.

Then again - should the user be expected to do these checks? Does your mechanic/plumber/doctor/nurse/etc. go and say "I cannot fix your $FOO for you today - I need to research to make sure the new software we're transitioning to is safe"? No, they just install it. Heck, they normally have "IT" take care of that stuff for them. Or their neighbour's kid.

I suppose it's why people are going for "app stores" and "appliances" rather than full-fledged PCs. Computers literally have gotten to the point where it really is a scary place out there and anyone who doesn't do it as a full time occupation is easily overwhelmed into thinking that next click would steal all their banking information and the identities. (Or worse yet, ignorance and clicking somewhere that really does do it).

Anyone's who's had to clean out their relative's PC over the holidays (hey US Thanksgiving...) can attest to that...