Do You Really Need Security?

10/22/2012 1:47:16 AM

Are the many Android virus claims fact or fiction and should you be worried?

Malware, Viruses, attacks, phone numbers being stolen, lives put at risk, solar flares wiping out the communications grids… all of these scenarios have been blamed on Android recently, as anti-virus companies pitch Google’s mobile operating system as the next worst thing that will ruin your life.

Description: Symantec reports that a maximum of 49 devices were infected with the Android.Nickispy trojan

Symantec reports that a maximum of 49 devices were infected with the Android.Nickispy trojan

But does Android malware really exist? Or is it just a myth, proven only in exploits performed under strict laboratory conditions?

Chest Wisniewski, from anti-virus firm Sophos, told us. “It is not terribly widespread outside of China, but the number of malicious apps is increasing dramatically.

“In 2010 we saw around 40 threats, in 2011 more than 400. Evidence for 2012 suggests that the number will continue to increase. To date, the majority of threats are on unofficial or pirate markets, but we have seen several apps make it on to the Google Play store, only to later be discovered and deleted?

Why is Android vulnerable?

“The ability for users to load software ‘off market’ opens the door for malicious applications to be distributed without the need for a vulnerability, “say Wisniewski, meaning anyone can write an app and anyone can install anything on their Android phone, granting it permission to go wild their personal data.

   Google’s main defence is the Android Permissions notifier, which tells you exactly which phone features an app will be able to access once installed. The problem is, no one reads these permissions. It’s a boring list of things most of us don’t understand. How is the everyday man expected to know where it’s right or wrong for a particular app to require access to his contract details ?

There’s also the problem of software updates, which has been the bane of Android over the last year or two, as Google relentlessly releases new OS versions and the network struggle to keep up.

  “The other factor that increases the risk for Android user is the lack of patches that fix the vulnerabilities that are discovered”, explains Wisniewski. “Even if Google fixes the flaws in the maker lag far behind integrating the fixes, if they bother at all.”

Which all sounds very worrying, but then again it’s common practice, and advice throughout the tech word is to always update to the latest version of any software. If you’ve been stranded with an unsupported Android model that’s sitting on version 1.6 of the operating system, you may well be more vulnerable because the hackers have had longer to work on exploits.

Do you need an Android security app?

Wisniewski thinks so, explaining, “Not all security applications are the same – some are more of a marketing efforts than a true security application. As the number of attacks increase, it is likely we will need to provide protection on the device as well as more carefully screening applications submitted to the market places.”

Description: Do you need an Android security app?

Do you need an Android security app?

However, at the other end of the spectrum, a famous rant published on Google+ by Google man Chris DiBona, who is the open source programs manager at Google, said, “Virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and iOS. They are charlatans and scammers.”

Most Android malware scare stories you hear about are based around one of two extreme premises – theoretical breaches discovered by researchers in their offices but not actually spotted in the real world, or apps that spawn numerous pop-up adverts designed to pull in ad revenue for the few days they’re allowed to run riot on Google’s Play Store.

The latter type is by far the most common. In the run-up to the android launch of iPhone smash Temple Run, numerous clones were found popping up on the Play Store. Some of these were rather malicious, redirecting users’ browsers to ad-covered websites and inserting bookmarks, but they didn’t have the power to break your phone beyond repair – nor were they technically malware, because they were only doing what users had granted them permission to do. No security or anti-virus app will stop something that you’re specifically handing permission to, so they would be, in cases like this, entirely useless. And while there’s certainly a lot of boundary-pushing, invasive software that can legitimately take its place on Google’s Play Store, actual reports of phone-breaking data-thievery are extremely rare to come across.

Is my phone infected?

Sophos’ most recent Android malware report concerned a game called The Roar of the Pharoah which, it claimed, contained a trojan that could gather your phone number and IMEI code, with the ability to send SMS messages to premium rate services.

The only problem was, this app wasn’t actually found on the official Google Play Store. Sophos only discovered it on various unnamed “unofficial download sites”. This means that it’s entirely possible that no Android device users whatsoever were infected by this apparent threat, even though the report managed to gain a lot of internet column inches.

Another common Android malware fighter and evangelist is McAfee. Its 2011 threat update made for worrying reading, claiming that two new viruses – Android/NickiSpy.A and Android/GoldenEagle.A – were found on Android phones in the last quarter of 2011.

Symantec supplies some data on the number of infections, which shows that the Android. Nickispy Trojan, which is claimed to have the ability to record people’s phone calls, has infected between 0 and 49 devices. Which is statistically about zero, when you consider that Google is selling around 700,000 Android gadgets every day.

Will it get worse?

Anti-virus firms say yes it will, while Google has recently introduced an app-scanning tool it calls Bouncer, designed to detect common forms of malicious code uploaded to its Android Market and delete them before they can inflict pain on users.

Description: Android Bouncer

Android Bouncer

With over 200 million Android devices out there today, and a rather patchwork approach to updating their software, it’s inevitable that some older models will be exploited and found to be more vulnerable.

The rule of thumb is to keep it official, only downloading apps through Google’s Play Store, because at least that way you have some form of safety net and the backing of Android’s own army of app-checking reporters. And always make sure you check those permissions when installing an app, as boring a task as it may be. They are your first indication that something is trying to work its way a little too deeply into your phone.

And while anti-virus apps from the big-name PC software protection companies are on the rise on Google’s Play Store, they won’t stop the adware spam apps and fake, because they rely on you actually granting them permission to run.

As with most things in life, the sad fact is you’re going to have to start paying more attention to the small print if you want to stay exploit-free.

Top 10
Review : Sigma 24mm f/1.4 DG HSM Art
Review : Canon EF11-24mm f/4L USM
Review : Creative Sound Blaster Roar 2
Review : Philips Fidelio M2L
Review : Alienware 17 - Dell's Alienware laptops
Review Smartwatch : Wellograph
Review : Xiaomi Redmi 2
Extending LINQ to Objects : Writing a Single Element Operator (part 2) - Building the RandomElement Operator
Extending LINQ to Objects : Writing a Single Element Operator (part 1) - Building Our Own Last Operator
3 Tips for Maintaining Your Cell Phone Battery (part 2) - Discharge Smart, Use Smart
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)
Popular Tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8