Few days ago Juniper Networks has released a report on the status of Android Malware. The results are not encouraging for the Android Addicted since they show a 472% increase in malware samples since July 2011 (see the infographic for details).
This does not surprising: already in May in its annual Malicious Mobile Threats Report, report, Juniper had found a 400% increase in Android malware from 2009 to the summer of 2010. This trend is destined to further grow since the Juniper Global Threat Center found that October and November registered the fastest growth in Android malware discovery in the history of the platform. The number of malware samples identified in September increased by 28%. whilst October showed a 110% increase in malware sample collection over the previous month and a noticeable 171% increase from July 2011.
As far as the nature of malware is concerned, Juniper data show that the malware is getting more and more sophisticated, with the majority of malicious applications targeting communications, location, or other personal information. Of the known Android malware samples, 55%, acts as spyware, 44%, are SMS Trojans, which send SMS messages to premium rate numbers without the user’s consent.
The reason for this malware proliferation? A weak policy control on the Android market which makes easier for malicious developers to publish malware applications in disguise. From this point of view, at least according to Juniper, the model of Cupertino is much more efficient and secure.
Easily predictable Google’s answer came from the mouth of Chris DiBona, open source and public sector engineering manager at Google. According to DiBona, Open Source, which is widely present in all the major mobile phone operating systems, is software, and software can be insecure. But Open Source becomes stronger if it pays attention to security, otherwise it is destined to disappear. In support of this statement he quotes the cases of Sendmail and Apache, whose modules which were not considered enough secure disappeared or came back stronger (and more secure) than ever.
But DiBona’s does not stop here (probably he had read this AV-test report which demonstrates that free Android Antimalware applications are useless): “Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. IF you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself.”
From this point of view Google hopes that Ice Cream Sandwich will lead Android Security at the next level even if some features are raising security concerns among Infosec professionals.