Malware on Google Play Has Quadrupled Since 2011

[Dohc-WP]

The number of malware-infected apps in Google Play's store has nearly quadrupled between 2011 and 2013, according to security group RiskIQ.

As reported on PC World, more than 42,000 apps in Google's store contained spyware or information-stealing Trojans. In 2011, that figure was just 11,000.

Apps designed to personalise users' Android phones were found to be most susceptible, but gaming and entertainment apps were also likely contenders for maliciousness. Possible malware has been found in the Flappy Bird clones that have flooded the store since the original Flappy Bird was taken down.

“The explosive growth of mobile apps has attracted a criminal element looking for new ways to distribute malware that can be used to commit fraud, identity theft and steal confidential data,” said RiskIQ CEO Elias Manousos in the press release.

Worryingly, RiskIQ also found Google's removal of offending apps declining. While Google removed 60% of malicious apps in 2011, it removed less than a quarter of them in 2013. Google has yet to comment on the report.

Some malware steals confidential information from infected devices, such as device IDs, GPS coordinates, contacts, and recorded phone calls. Others, meanwhile, can bypass security settings to subscribe unwitting users to premium services. Some of the most-downloaded infected apps include games Finger Hockey and Subway Surfers Free Tips, as well as wallpaper app Wallpaper Dragon Ball.

Apple's App Store was not analysed in this report, so comparisons cannot be drawn between the two just yet.

Source: IGN

 

[Ike_009]

Wow, that's a big increase. I curious as to the increase in apps and if it is less than for malware

 

[Iam3G]

I always try to make sure I get apps/games from trusted publishers. Reading the ratings/comments, feedback from friends etc. If it sounds off, I usually skip it.

 

[blaaislaai]

I guess if you downloading via app's ratings/amount of downloads, you should be fine.

Searching for a specific app, or something with little to no rating should probably be alarming.

 

[Snare]

Well considering that the amount of people developing apps has also greatly increased it shouldn't be a surprise that there is a greater negative representation in the store.

 

[Gouko_Tenrou]

But surely if you have a anti-virus installed on your phone it should detect the malware within a app?

 

[TheAvenged87]

But surely if you have a anti-virus installed on your phone it should detect the malware within a app?

Yeah, that works. You can install LookOut, which will take care of scanning app on installation.

 

[Ike_009]

But surely if you have a anti-virus installed on your phone it should detect the malware within a app?

The point though is that malware has still increased 4x, installing an app on your phone won't delete it on the store

 

[Gouko_Tenrou]

The point though is that malware has still increased 4x, installing an app on your phone won't delete it on the store

It was inevitable that there would be a increase.

 

[Tom]

I hardly ever download something from the app store unless iv heard something about it somewhere first... I find this app,

https://play.google.com/store/apps/details?id=com.drippler.android.updates&hl=en

To be really Useful... I know it might sound crazy, and I often question my own sanity, but its an App that recommends apps for you to DL... And they have awesome write ups on like the best camera apps, the best editing apps, the best music apps etc etc... Its really a great app and the design of it is right out the top draw...

 

[AlphaJohn]

Some malware steals confidential information from infected devices, such as device IDs, GPS coordinates, contacts, and recorded phone calls. Others, meanwhile, can bypass security settings to subscribe unwitting users to premium services. Some of the most-downloaded infected apps include games Finger Hockey and Subway Surfers Free Tips, as well as wallpaper app Wallpaper Dragon Ball.

Bad reporting is bad, there is not a single case ever where an app can perform outside the rights you accepted. When you install an app it ask you for permissions to access contacts and so on. You the user give said access by clicking yes. Problem is most people click without ever thinking why does a wallpaper need access to my sms's or phone dailer.

Most if not all Anti viruses do not mark most of them as mallware for this exact same reason, cause they tell you outright they going to access your contacts or such.

To overcome and limit data leaks I recon people should skip the Anti virus and rather install
Ad-Network Scanner & Detector or my fav
Airpush Ad Detector

Cause they tell you exactly what apps have access to what and warn you about potential data leaks.

Anti-Virus is only needed when you install apps that is outside Google stores. Besides they only detect the exact same malware that Google already does. (Joke is even proper mallware can not access services you didn't give em rights to)

 

[brendanvb]

I've luckily never run into any malware on my phones, and I install a lot of "sources other than Play Store" apps.

 

[Tom]

Is it actually worth installing an antivirus on your phone? Iv never met a person that's had a "Phone Virus"

 

[blaaislaai]

Is it actually worth installing an antivirus on your phone? Iv never met a person that's had a "Phone Virus"

Same here. If you download high rated apps there shouldn't be a problem

 

[Iam3G]

Is it actually worth installing an antivirus on your phone? Iv never met a person that's had a "Phone Virus"

You actually won't believe how much Virus's a phone can contain. Most people don't even know it.

And it just doesn't just come from applications downloaded. Internet downloads, USB transfers.

 

[Snare]

You actually won't believe how much Virus's a phone can contain. Most people don't even know it.

And it just doesn't just come from applications downloaded. Internet downloads, USB transfers.

Ultimate phone security? get a BB

 

[addam]

Surely Google polices their store a bit more thoroughly? It can't be good for Android's image if they're letting so many virus apps through.

 

[AlphaJohn]

Surely Google polices their store a bit more thoroughly? It can't be good for Android's image if they're letting so many virus apps through.

The problem is that its not that clear, yes they can remove virii and malware but what if a wallpaper app states in the description that they harvest contacts and sms's. Then the picture is not so clear.

Yes some of us would classify it as malware cause its accessing data that is not needed for the app to work, but others would say that is the payment method the developer use to "sell" his app. Even worse, when you install said app you the user approve said access to all the functions like dialer, contacts and so on.

Example Facebook ask for access to:

This app has access to these permissions:
Your accounts
find accounts on the device
create accounts and set passwords
add or remove accounts
read Google service configuration

Your location
precise location (GPS and network-based)
approximate location (network-based)

Your messages
read your text messages (SMS or MMS)

Network communication
view network connections
receive data from Internet
full network access
change network connectivity
download files without notification
view Wi-Fi connections
connect and disconnect from Wi-Fi

Your personal information
read calendar events plus confidential information
add or modify calendar events and send emails to guests without owners' knowledge
read your own contact card

Phone calls
directly call phone numbers
read phone status and identity

Storage
modify or delete the contents of your USB storage

System tools
install shortcuts
test access to protected storage
send sticky broadcast
read battery statistics
Your applications information

run at startup
retrieve running apps
reorder running apps

Camera
take pictures and videos

Other Application UI
draw over other apps

Microphone
record audio

Your social information
write call log
read your contacts
modify your contacts
read call log

Affects battery
prevent device from sleeping
control vibration

Audio settings
change your audio settings

Status bar
expand/collapse status bar

Sync Settings
toggle sync on and off
read sync settings

Wallpaper
set wallpaper
adjust your wallpaper size

If you read them properly you will even classify Facebook as Malware. You have to accept said access before it can install and access them.

Besides how can you tell Google that some wallpaper that has access to contacts and dialer is malware but above Facebook example is not?

Edit: That is why I advocate Ad-Network Scanner & Detector or my fav
Airpush Ad Detector above to properly go over all your apps and see what can access what and why.

 

[addam]

If you read them properly you will even classify Facebook as Malware. You have to accept said access before it can install and access them.

That's really scary, Facebook essentially has complete control over your phone! I guess Google should sort of do what apple does, maybe not preventing an app from being approved, but periodically going through them and seeing if a certain app needs access to something. Obviously a wallpaper app doesn't need access to your phone and (probably not) your contacts, and I doubt many people read the full permissions when they install something.

 

[medicnick83]

That is why I always read the comments and such, hell, if an app is new, I avoid it for a few days.