Android's Open Nature Makes It Easy Malware Target: Total Defense

As Android's reach grows, cyber-criminals see an opportunity to spread their malware, according to the security software vendor.

Given the increasingly ubiquitous and open nature of Google's Android, there's little mystery as to why cyber-attackers are targeting more of their malware efforts at the mobile operating system, according to Don DeBolt, director of threat research at security software maker Total Defense.

"Malware goes to where the numbers are," DeBolt said in an interview with eWEEK, pointing out that Android can be found in almost 50 percent of all smartphones. "There's been an explosion of malware directed at the Android platform. What made it possible is that it's an open platform. It lets you download anything you want."

The result is that, at a time when the overall amount of new unique malware grew in the 2 to 6 percent range between 2010 and 2011—down from as high as 20 percent a year in the past—more than 25 times more Android malware was found in 2011, Total Defense found in its 2011 Internet Security Threat Intelligence report, released March 15. There were more than 9,000 incidents of Android malware in 2011, according to the report.

Total Defense executives said that what they're seeing is raising the issue of open systems versus closed ones as far as security is concerned, as well as the debate around the idea of "app paradigms," in which only authorized apps can be installed and run on computing devices.

The open nature of Android that proponents love is the same thing that's attractive to malware creators, DeBolt said. Users find apps to download and then are presented with lengthy user permission dialogs featuring small type that in all likelihood users just allow without ever reading. That makes it easy to bring in malware along with the app.

And in 2011, that malware was out there, with names like Foncy, Dogowar, WalkSteal.A and Golddream.A, according to Total Defense. Fakeneflic.A is a Trojan that disguises itself as popular software that needs login data. If the user is tricked, the entered credential is posted to a hosted Website. FakePlayer.A is a Trojan that disguises itself as a media player.

Such malware is made even more dangerous by the rise of data-logging apps, which, on their own, access a user's contact list, email list or other personal information, DeBolt said.

Total Defense's report echoed the findings in the 2011 Mobile Threat Report released by Juniper in February. That report found that malware targeting Android jumped 3,325 percent in the last seven months of 2011, and accounted for 46.7 percent of unique malware samples aimed at mobile operating systems.

In response to this challenge, Google now has a technology called Bouncer, which scans apps submitted to the Android Market for malware and removes offenders. Total Defense's DeBolt said Google has needed to improve its policing of the Android Market and should consider offering certified applications on the marketplace.

He also said the skyrocketing amount of malware targeting Android should have Google officials consider making Android a less open platform—along the lines of Apple and its iOS. While users of Android-based devices can download what they want, those with Apple's iPhone operate in more of a "walled garden" environment, where only software with particular code can be downloaded, unless the device is jailbroken by the user. In that situation, though, one would hope that someone with enough technical skills to jailbreak the device would be savvy enough not to download the wrong software, DeBolt said.

The Android malware situation also fuels the debate over the drive toward an app paradigm, in which PCs and other computing devices are used in a more appliance-like fashion, and only authorized apps with authorized code can be installed and run.

DeBolt said an app paradigm would reduce the dangers of malware—"or attack surface" of computing devices. At the same time, he understands that it would reduce the amount of freedom users have in deciding what they can download onto their devices.