Given the increasingly ubiquitous and open nature of Googles Android, theres little mystery as to why cyber-attackers are targeting more of their malware efforts at the mobile operating system, according to Don DeBolt, director of threat research at security software maker Total Defense.
Malware goes to where the numbers are, DeBolt said in an interview with eWEEK, pointing out that Android can be found in almost 50 percent of all smartphones. Theres been an explosion of malware directed at the Android platform. What made it possible is that its an open platform. It lets you download anything you want.
The result is that, at a time when the overall amount of new unique malware grew in the 2 to 6 percent range between 2010 and 2011down from as high as 20 percent a year in the pastmore than 25 times more Android malware was found in 2011, Total Defense found in its 2011 Internet Security Threat Intelligence report, released March 15. There were more than 9,000 incidents of Android malware in 2011, according to the report.
Total Defense executives said that what theyre seeing is raising the issue of open systems versus closed ones as far as security is concerned, as well as the debate around the idea of app paradigms, in which only authorized apps can be installed and run on computing devices.
The open nature of Android that proponents love is the same thing thats attractive to malware creators, DeBolt said. Users find apps to download and then are presented with lengthy user permission dialogs featuring small type that in all likelihood users just allow without ever reading. That makes it easy to bring in malware along with the app.
And in 2011, that malware was out there, with names like Foncy, Dogowar, WalkSteal.A and Golddream.A, according to Total Defense. Fakeneflic.A is a Trojan that disguises itself as popular software that needs login data. If the user is tricked, the entered credential is posted to a hosted Website. FakePlayer.A is a Trojan that disguises itself as a media player.
Such malware is made even more dangerous by the rise of data-logging apps, which, on their own, access a users contact list, email list or other personal information, DeBolt said.
Total Defenses report echoed the findings in the 2011 Mobile Threat Report released by Juniper in February. That report found that malware targeting Android jumped 3,325 percent in the last seven months of 2011, and accounted for 46.7 percent of unique malware samples aimed at mobile operating systems.
In response to this challenge, Google now has a technology called Bouncer, which scans apps submitted to the Android Market for malware and removes offenders. Total Defenses DeBolt said Google has needed to improve its policing of the Android Market and should consider offering certified applications on the marketplace.
He also said the skyrocketing amount of malware targeting Android should have Google officials consider making Android a less open platformalong the lines of Apple and its iOS. While users of Android-based devices can download what they want, those with Apples iPhone operate in more of a walled garden environment, where only software with particular code can be downloaded, unless the device is jailbroken by the user. In that situation, though, one would hope that someone with enough technical skills to jailbreak the device would be savvy enough not to download the wrong software, DeBolt said.
The Android malware situation also fuels the debate over the drive toward an app paradigm, in which PCs and other computing devices are used in a more appliance-like fashion, and only authorized apps with authorized code can be installed and run.
DeBolt said an app paradigm would reduce the dangers of malwareor attack surface of computing devices. At the same time, he understands that it would reduce the amount of freedom users have in deciding what they can download onto their devices.