San Francisco—A combination of gated mobile app stores, significant controls, vetting by Apple and Google, and a lack of good monetization strategies have made malware a rare occurrence on mobile devices in North America, network security firm Damballa reported here at the RSA Conference.
Working with anonymous data captured from the large cellular providers that use its services, Damballa identified traffic that came from more than 152 million mobile devices in a given week, which contacted nearly 2.8 million Internet sites. Of those devices, only 64 out of every million devices, or 0.0064 percent, contacted a malicious mobile Website, according to the company's research.
For security firms that have declared mobile malware an increasing threat, the new data suggests otherwise, said Brian Foster, chief technology officer for Damballa.
"Don't make this year the 'Year of Mobile Malware,' because you will be wrong," he told eWEEK.
As mobile devices became more popular, antivirus firms moved their core host-based threat detection software, the malware scanner, to mobile devices, but threats continue to be low. Through its gated software ecosystem and closed devices, Apple has successfully protected users from mass malware attacks. Over the years, the Android platform had a few significant incidents, but potentially harmful applications (PHAs)—essentially a superset that includes malware—affects less than 1 percent of Android users in North America and many other parts of the world, according to Google's State of Android Security report.
Damballa and Google are not the only companies to find low rates of infection. Data from Alcatel-Lucent's Motive mobile-security research group, which has visibility into home networks through its partnerships with Internet service and cellular providers, has found that only a low percentage of the mobile devices—0.3 percent in 2012—show signs of infection. Because many laptops are connected to the Internet through tethered cellular devices, Motive's data is likely somewhat inflated, the company, formerly Kindsight, said at the time.
While PCs continue to allow the installation of software from untrusted sources, the gated security of the app store model for mobile devices had significant security implications. Apple and Google allow developers to submit programs for inclusion in their stores, but do some initial vetting and testing, and then retain the capability to remove the application from the store and users' devices, if it is later found to be malicious.
While North America and most of Europe have low malware rates, some countries, such as Russia and China, have a more significant malware problem. A plethora of app stores are available to users in those countries, many allowing the downloading of pirated or modified software. In addition, many mobile devices are either jailbroken or allow software to be downloaded and installed from Web sites, a practice known as side-loading and which bypasses the controls of the mobile-software ecosystem.
For users who continue to use trusted app stores and do not modify their devices' operating system, malware should be an insignificant threat, Damballa's Foster said.
"Threats are different on mobile devices, so long term, I don't think these numbers are going to change," he said.