Skip to main content [aditude-amp id="stickyleaderboard" targeting='{"env":"staging","page_type":"article","post_id":524794,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,mobile,security,","session":"C"}']

Sorry, Google fanboys: Android security suffers as malware explodes by 700%

Getting your data back might cost you big time. Same for not having “those pictures” spread all over the Internet. And that’s just one of the new attack vectors targeting Android phones in the past few months, according to security firm McAfee.

Above: Malware samples found so far

Image Credit: McAfee

Mobile malware tracked by McAfee has exploded this year, growing almost 700 percent over 2011 numbers. Almost all of it, perhaps 85 percent, targets smartphones running Android.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":524794,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,mobile,security,","session":"C"}']

The attacks range from the traditional and fairly well known email-with-bogus-attachments to the downright Machiavellian: drive-by downloads. Similarly to desktop drive-bys, simply visiting a site initiates the attack.

Once they’re in, your data can be held hostage as “ransomware” threatens deletion — or publication — unless you pay up.

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

Users still need to authorize an install, but as McAfee says, “when an attacker names the file Android System Update 4.0.apk, most suspicions vanish.” That’s because it looks like an official update to the Android operating system.

In the past three months alone, McAfee has seen 2.7 million new websites on 300,000 new domains that are either infected or created specifically by malware authors to trap the unwary.

The big surprise in the huge increase on Android isn’t that Android is being attacked: Google’s smartphone platform has been a key focus for the bad guys for some time. The big surprise is that Google has not managed to stem the tide in any significant way.

Above: Mobile malware by platform … where’s iOS?

Image Credit: McAfee

Security concerns on Android should not be news to Google, and Google should be putting security at the top of its list of priorities. But Google’s Bouncer software, which is supposed to be protecting users by scanning apps on Google Play for any malicious code or behavior, often appears to be asleep at the switch and easily fooled.

Shades of London Olympics Widget, anyone?

Even worse, Bouncer can only scan Google Play, the official Android app store, not Amazon’s Android market, or any of the other Android markets that appear.

[aditude-amp id="medium1" targeting='{"env":"staging","page_type":"article","post_id":524794,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,mobile,security,","session":"C"}']

That’s bad news for Android users, bad news for Android, and bad news for Google. McAfee’s “Total Mobile Malware by Platform” graphic doesn’t even show Google’s biggest competitor in the smartphone war: Apple’s iOS.

See that tiny purple sliver? IOS is buried in there, somewhere. Security is so tiny an issue, in spite of a recent SMS spoofing issue, an in-app purchasing problem, and one discovered Trojan on the app store, Apple doesn’t even get its own slice.

The answer can’t just be the standard “educate the users.” The users aren’t going to get it on their own.

Google needs to do more to ensure its mobile platform is safe and secure.

[aditude-amp id="medium2" targeting='{"env":"staging","page_type":"article","post_id":524794,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,mobile,security,","session":"C"}']

photo credit: kk+ via photo pin cc

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More