F-Secure: Android Accounted For 97% of All Mobile Malware In 2013

An anonymous reader writes "Back in 2012, Android accounted for 79 percent of all mobile malware. Last year, that number ballooned even further to 97 percent. Both those data points come from security firm F-Secure, which today released its 40-page Threat Report for the second half of 2013. More specifically, Android malware rose from 238 threats in 2012 to 804 new families and variants in 2013. Apart from Symbian, F-Secure found no new threats for other mobile platforms last year."

welcome to the big time

[smash]

Linux is secure, right? Isn't Android Linux?

This is what you get running unsigned code from anywhere people! The last 30+ years of malware on Amiga, DOS, Windows, Unix, Linux, etc. should be a lesson. Trust code to execute by default and this is what you get. Rely entirely on the end user to determine whether or not code is legitimate, and this is what you get.

The average Joe is not capable of making that decision. Sure, it sucks, but them's the breaks.

Re:welcome to the big time

[smash]

So, have you ever heard of a root kit? Linux has plenty of malware, and I have personally rebuilt compromised hosts. "Oh but that bug was in sendmail" or whatever you say. Cop out.

Re:welcome to the big time

[swillden]

Android has problems with it's "app store".

RTFA (I know, I know, new here and whatnot):

The title of the article is "F-Secure: Android accounted for 97% of all mobile malware in 2013, but only 0.1% of those were on Google Play".

Essentially all of the Android malware comes from non-Google app stores, or sideloaded APKs. And with respect to the malware that does manage to make it into the Play Store, F-Secure says "the Play Store is most likely to promptly remove nefarious applications, so malware encountered there tends to have a short shelf life.”

Re:welcome to the big time

[symbolset]

If you can make a computer so simple even an idiot can use it, only an idiot will want to. I like Android's balance with Google play here. Stick with Google Play and you are good to go. Want to adventure? Enable side loading and have at it. Your choice. The complainers appear to be the sort who disable the safety features and then harm themselves, and blame Google for their own screwup.

Re:welcome to the big time

[Plumpaquatsch]

If you rebuilt a compromised host due to somebody leveraging a bug in sendmail, then the admin is/was a moron. Processes should not be run with root privileges, and any public-facing system should be configured in such a way as to limit the damage that can be caused by compromised service accounts. See: PEBKAC; ID10T error.

Yeah, good thing there aren't any privilege escalation bugs in the Linux kernel. Ever.

Google Made a Core Mistake with "OPEN"

[BoRegardless]

It sounds nice in the hacker world, but in the hands of the 'average Joe', an "Open Handset" is an invitation to have your bank account stolen.

Re:We're number one!

[smash]

Then explain the lack of similar quantities of malware for iOS between 2007 and 2012?

Moral of the story:

[Johnny+Loves+Linux]

Don't install apps from back alleyways:

At the very bottom of the list was Google Play itself, with the lowest percentage of malware in the gathered samples: 0.1 percent. F-Secure also noted that “the Play Store is most likely to promptly remove nefarious applications, so malware encountered there tends to have a short shelf life.” While that’s great news for most Android users, it

Why would anybody shop for apps on their android phone/tablet like a crack addict looking for their next hit is beyond me. Are people really that naive?

Left out a key piece of the original headline

[Kelson]

"...but only 0.1% of those were on Google Play"

So that vast majority is practically all third-party installations (something which isn't even an option on iOS).

Re:Left out a key piece of the original headline

[Shados]

The ability is off by default, you have to go pretty deep in the options to turn it on, when you do turn it on, you get all sorts of warning telling you to watch out. And if you do turn it on and do something stupid, you may get malware

That's leagues better than not having the option at all (or to have to use what basically amount to root exploits to enable it), as well as better than having the option on by default for everyone.

There's some collateral damage (the cheap bozos who wants to save 5 bucks and get owned in the process), but its worth it.

Re:Left out a key piece of the original headline

[danbob999]

...(something which isn't even an option on iOS).

Wait. You just acknowledge that the VAST majority of malware comes from sideloaded apps and then make a snide comment about iOS because sideloading malware-laden apps isn't an option.

REALLY??

Only on Slashdot is the inability to load malware-riddled apps on your phone viewed as a negative...

Because it is negative. Just like a car limited to 30 km/h is negative, even if it prevents accidents. You know, with a real car you have the option of staying under 30 km/h if you want to. And with Android you have the walled garden option if you want to. Just don't activate the sideload option. If you are too stupid to activate it and you get malware, you have earned it.

Re:We're number one!

[steveha]

explain the lack of similar quantities of malware for iOS between 2007 and 2012?

Because of Apple's "walled garden". The only way to get apps for iOS is from Apple's store, and Apple tries to keep the malware out.

Apple always charges $100 to put an app in the store, so malware has to make at least $100 before it is discovered or the person who put the malware on the store loses money.

The "walled garden" does have advantages.

Personally, I like having a device where I can install anything I want... but I pretty much just get stuff from the Google Play store. If I need an SSH app, and I see one with over 30,000 votes rating it 4 or 5 stars, I'm pretty sure it won't be malware when I download it.

And according to TFA, almost all of the malware was side-loaded. Almost none of the malware came from the Google Play store. Thus, Android gives me the advantage of the walled garden, while still being more free than iOS.

P.S. The reason I went with Android rather than iOS was Apple's policy of no interpreters and no emulators. I wanted Python and games emulators. Apple has since then unbent a bit, but Android has always allowed you to install whatever sorts of apps you prefer.

Thus I am able to install interpreters and emulators, without rooting my phone, and getting them from the Google Play store. Why wouldn't I want this?