Sorry, Google fanboys: Android security suffers as malware explodes by 700%

Getting your data back might cost you big time. Same for not having “those pictures” spread all over the Internet. And that’s just one of the new attack vectors targeting Android phones in the past few months, according to security firm McAfee.

Mobile malware tracked by McAfee has exploded this year, growing almost 700 percent over 2011 numbers. Almost all of it, perhaps 85 percent, targets smartphones running Android.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":524794,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,mobile,security,","session":"C"}']

The attacks range from the traditional and fairly well known email-with-bogus-attachments to the downright Machiavellian: drive-by downloads. Similarly to desktop drive-bys, simply visiting a site initiates the attack.

Once they’re in, your data can be held hostage as “ransomware” threatens deletion — or publication — unless you pay up.

Users still need to authorize an install, but as McAfee says, “when an attacker names the file Android System Update 4.0.apk, most suspicions vanish.” That’s because it looks like an official update to the Android operating system.

In the past three months alone, McAfee has seen 2.7 million new websites on 300,000 new domains that are either infected or created specifically by malware authors to trap the unwary.

The big surprise in the huge increase on Android isn’t that Android is being attacked: Google’s smartphone platform has been a key focus for the bad guys for some time. The big surprise is that Google has not managed to stem the tide in any significant way.

Security concerns on Android should not be news to Google, and Google should be putting security at the top of its list of priorities. But Google’s Bouncer software, which is supposed to be protecting users by scanning apps on Google Play for any malicious code or behavior, often appears to be asleep at the switch and easily fooled.

Shades of London Olympics Widget, anyone?

Even worse, Bouncer can only scan Google Play, the official Android app store, not Amazon’s Android market, or any of the other Android markets that appear.

[aditude-amp id="medium1" targeting='{"env":"staging","page_type":"article","post_id":524794,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,mobile,security,","session":"C"}']

That’s bad news for Android users, bad news for Android, and bad news for Google. McAfee’s “Total Mobile Malware by Platform” graphic doesn’t even show Google’s biggest competitor in the smartphone war: Apple’s iOS.

See that tiny purple sliver? IOS is buried in there, somewhere. Security is so tiny an issue, in spite of a recent SMS spoofing issue, an in-app purchasing problem, and one discovered Trojan on the app store, Apple doesn’t even get its own slice.

The answer can’t just be the standard “educate the users.” The users aren’t going to get it on their own.

Google needs to do more to ensure its mobile platform is safe and secure.

[aditude-amp id="medium2" targeting='{"env":"staging","page_type":"article","post_id":524794,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,mobile,security,","session":"C"}']

photo credit: kk+ via photo pin cc