Android malware has certainly been in the news a lot this week.
First, I read a AV-Test report that found the free antivirus for Android is garbage. In a on-demand scan “the best free app was Zoner AntiVirus Free with 32% detected malicious apps. All other scanners detected at best 10% of the apps, some didn’t detect anything at all.” Yikes. F-Secure and Kaspersky were included for comparison. The commercial apps detected 50% of the malware on an on-demand scan and blocked all malware on attempted install.
Then we had Chris DiBona’s blog post (or should I say Google+ post) in which he lets his zeal for open source completely whitewash any security concern on any phone (besides Windows of course).
He ignores issues with trojaned apps because they will eventually be found and removed from the app store. By that time you’ve already fallen prey to the malicious app stealing the login credentials you use on the banking app. But that’s ok. The Operating System wasn’t infected so it must not have been a virus (huh?).
I think the article would have been better with less venom and open source bluster.
Then we hear from Fortinet that Android malware surges in 2011. This makes sense that malware would see an uptick as adoption increases.
While the numbers aren’t huge the uptick is interesting. The type of attacks may be limited by the mobile phone security model but that doesn’t indicate they are malware free.
- Geinimi – Android’s first botnet
- Hongtoutou – a trojan wallpaper. Steals IMEI and IMSI
- DroidKungFu – information stealer, botnet
- JiFake – fake IM app, toll fraud
- BaseBridge – toll fraud
As we discuss corporate security policies for mobile phones we need to consider the applicability of antivirus requirements. While it is important to look out for marketing FUD, we dont need to take the Bagdad Bob position and claim there is no malware on mobile operating systems either.
While today’s Android malware is applications that are trojaned or installed by the user through social engineering, that doesn’t mean that will always be the case. The question I have is does the antivirus operate at a level where it could detect OS level infections or is it really only a “malicious app” checker.
Paid antivirus for android generally comes with other features such as phone locator and toll fraud prevention that may make it desireable.
update – Bruce Schneier weighs in with a post on Android malware. He links to a Juniper blog post continuing an issue of Android malware rooting the phones because they dont get patched.