Are the many Android virus claims fact or fiction, and should you be worried?
Malware, viruses, attacks, phone numbers
being stolen, lives put at risk, solar flares wiping out the communications
grids… all of these scenarios have been blamed on Android recently, as
anti-virus companies pitch Google’s mobile operating system as the next worst
thing that will ruin your life.
Symantec reports that a maximum of 49 devices were infected with the
Android.Nickispy trojan.
But does Android malware really exist? Or
is it just a myth, proven only in exploits performed under strict laboratory
conditions?
Chester Wisniewski, from anti-virus firm
Sophos, told us. “It is not terribly widespread outside of China, but the
number of malicious apps is increasing dramatically.
“In 2010 we saw around 40 threats, in 2011
more than 400. Evidence for 2012 suggests that the number will continue to
increase. To date, the majority of threats are on unofficial or pirate markets,
but we have seen several apps make it on to the Google Play store, only to
later be discovered and deleted.”
Why is Android vulnerable?
“The ability for users to load software
‘off market’ opens the door for malicious applications to be distributed
without the need for a vulnerability,” says Wisniewski, meaning anyone can write
an app and anyone can install anything on their Android phone, granting it
permission to go wild with their personal data.
Google’s main defence is the Android
Permissions notifier, which tells you exactly which phone features an app will
be able to access once installed. The problem is, no one reads these
permissions. It’s a boring list of things most of us don’t understand. How is
the everyday man expected to know whether it’s right or wrong for a particular
app to require access to his contact details?
There’s also the problem of software
updates, which has been the bane of Android over the last year or two, as
Google relentlessly releases new OS versions and the networks struggle to keep
up.
“The other factor that increases the risk
for Android users is the lack of patches that fix the vulnerabilities that are
discovered”, explains Wisniewski. “Even if Google fixes the flaws in the maker
lag far behind integrating the fixes, if they bother at all.”
Which all sounds very worrying, but then
again it’s common practice, and advice throughout the tech world is to always
update to the latest version of any software. If you’ve been stranded with an
unsupported Android model that’s sitting on version 1.6 of the operating system,
you may well be more vulnerable because the hackers have had longer to work on
exploits.
Do you need an Android security app?
Wisniewski thinks so, explaining, “Not all
security applications are the same – some are more of a marketing effort than
a true security application. As the number of attacks increases, it is likely we
will need to provide protection on the device as well as more carefully
screening applications submitted to the market places.”
However, at the other end of the spectrum,
a famous rant published on Google+ by Google man Chris DiBona, who is the open
source programs manager at Google, said, “Virus companies are playing on your
fears to try to sell you bs protection software for Android, RIM and iOS. They
are charlatans and scammers.”
Most Android malware scare stories you hear
about are based around one of two extreme premises – theoretical breaches
discovered by researchers in their offices but not actually spotted in the real
world, or apps that spawn numerous pop-up adverts designed to pull in ad
revenue for the few days they’re allowed to run riot on Google’s Play Store.
The latter type is by far the most common.
In the run-up to the Android launch of iPhone smash Temple Run, numerous clones
were found popping up on the Play Store. Some of these were rather malicious,
redirecting users’ browsers to ad-covered websites and inserting bookmarks, but
they didn’t have the power to break your phone beyond repair – nor were they
technically malware, because they were only doing what users had granted them
permission to do. No security or anti-virus app will stop something that you’re
specifically handing permission to, so they would be, in cases like this,
entirely useless. And while there’s certainly a lot of boundary-pushing,
invasive software that can legitimately take its place on Google’s Play Store,
actual reports of phone-breaking data-thievery are extremely rare to come
across.
Is my phone infected?
Sophos’ most recent Android malware report concerned
a game called The Roar of the Pharaoh which, it claimed, contained a trojan
that could gather your phone number and IMEI code, with the ability to send SMS
messages to premium rate services.
The only problem was, this app wasn’t
actually found on the official Google Play Store. Sophos only discovered it on
various unnamed “unofficial download sites”. This means that it’s entirely
possible that no Android device users whatsoever were infected by this apparent
threat, even though the report managed to gain a lot of internet column inches.
Another common Android malware fighter and
evangelist is McAfee. Its 2011 threat update made for worrying reading,
claiming that two new viruses – Android/NickiSpy.A and Android/GoldenEagle.A –
were found on Android phones in the last quarter of 2011.
Symantec supplies some data on the number
of infections, which shows that the Android.Nickispy Trojan, which is claimed
to have the ability to record people’s phone calls, has infected between 0 and
49 devices. Which is statistically about zero, when you consider that Google is
selling around 700,000 Android gadgets every day.
Will it get worse?
Anti-virus firms say yes it will, while
Google has recently introduced an app-scanning tool it calls Bouncer, designed
to detect common forms of malicious code uploaded to its Android Market and
delete them before they can inflict pain on users.
With over 200 million Android devices out
there today, and a rather patchwork approach to updating their software, it’s
inevitable that some older models will be exploited and found to be more
vulnerable.
The rule of thumb is to keep it official,
only downloading apps through Google’s Play Store, because at least that way
you have some form of safety net and the backing of Android’s own army of
app-checking reporters. And always make sure you check those permissions when
installing an app, as boring a task as it may be. They are your first
indication that something is trying to work its way a little too deeply into
your phone.
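For readers who want to see what a permissions check looks like in practice, here is an added example (not part of the original article, and not Google's or any vendor's code). It reads an app's decoded AndroidManifest.xml and flags permissions that would enable the behaviours described above; the mapping table, the sample manifest and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Behaviours mentioned in the article, mapped to the permissions that enable them.
# The mapping is an illustrative assumption, not an official Google list.
RISKY = {
    "premium-rate SMS": {"android.permission.SEND_SMS"},
    "phone number / IMEI access": {"android.permission.READ_PHONE_STATE"},
    "call recording": {"android.permission.RECORD_AUDIO",
                       "android.permission.READ_PHONE_STATE"},
    "bookmark insertion": {"com.android.browser.permission.WRITE_HISTORY_BOOKMARKS"},
    "contact details access": {"android.permission.READ_CONTACTS"},
}

# Constructed sample: the decoded manifest of a hypothetical game.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructedgame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Constructed Game"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def review(manifest_xml, expected=()):
    """List behaviours the app could perform that its purpose does not explain.

    `expected` holds permissions the reviewer considers normal for this kind
    of app (for example SEND_SMS for a messaging client).
    """
    perms = requested_permissions(manifest_xml)
    allowed = set(expected)
    return sorted(b for b, needed in RISKY.items()
                  if needed <= perms and not needed <= allowed)

if __name__ == "__main__":
    for behaviour in review(SAMPLE_MANIFEST):
        print("questionable for a game:", behaviour)
```

The manifest inside an APK is stored in a binary form, so it has to be decoded to plain XML before a script like this can read it.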
And while anti-virus apps from the big-name
PC software protection companies are on the rise on Google’s Play Store, they
won’t stop the adware spam apps and fakes, because those apps rely on you
actually granting them permission to run.
As with most things in life, the sad fact
is you’re going to have to start paying more attention to the small print if
you want to stay exploit-free.