Verizon: there is no Android malware problem, except for adware

According to new figures from the US’s largest mobile carrier, the Android malware problem is "truly negligible" but adware could become one.

Looking at Android security by the number of potentially malicious apps out there, it wouldn’t be hard to conclude that Android has a malware problem. Kaspersky last year tallied 10 million malicious Android apps, meaning they outnumbered the one million apps available in Google Play by 10 to one.

By other measures though, such as actual infections on devices, the problem is so small that it barely rates a mention.

Verizon Enterprise’s latest report on data breach incidents in 2014 for the first time looked mobile malware, and more specifically actual rates of infection on smartphones using data from Verizon Wireless.

Verizon notes that mobile devices have never been a preferred avenue for hackers to breach the enterprise, which explains why it never looked at the threat posed by mobile malware.

Based on data Verizon Wireless supplied on “tens of millions” of smartphones, Verizon found that just 0.03 percent of devices were infected with “truly malicious” apps. In absolute terms, the very most infections in any week between July 2014 and January 2015 was 150. in other words, infections — while totally on Android devices — were “truly negligible”.

Verizon doesn’t explain what “truly malicious” means but it does exclude adware apps, which it classed as more of an annoyance since they typically force devices to display unwanted ads and collect more personal information from the device than necessary.

Google itself has several classifications for potentially harmful Android apps (PHA), including generic PHA, Phishing, Rooting Malicious, Ransomware, Rooting, SMS Fraud, Backdoor, Spyware, Trojan, Harmful Site, Windows Threat, NonAndroid Threat, WAP Fraud, Call Fraud.

While truly malicious apps may be minuscule, Verizon did find a potential problem with Android adware. In August last year, the number of smartphones on the carrier with adware peaked at over 60,000, but then dropped to well below 10,000 by January 2015. Overall it found hundreds of thousands of devices were affected by this class of pest. It doesn’t however offer a percentage.

Adware might not be a security threat per se but it is a security and privacy issue that doesn’t improve the Android experience and the bad news for Android is that it could get worse.

Verizon adds a few facts from FireEye’s analysis of 7 million apps, which found that between 2013 and 2014 the number of adware apps had grown from 300,000 to 410,000. And that’s a problem faced by Android users but not Apple’s iOS users, with 96 percent of all malware built for Android.

While Google has since launched Verify Apps — to do hygiene checks on installed apps rather at just at the point of install — it has had trouble keeping adware apps out of the Google Play, which is where it recommends users get apps to avoid PHAs. It does generally quickly remove them after third-party researchers report them.

The Verizon numbers provide an independent counterpoint to Google’s recent analysis of the state of Android security. Google found that PHAs of all classes — from very harmful ransomware to adware — were installed on less than 0.1 percent of devices that only get apps from Google Play in 2014. On the other hand 0.1 percent of one billion devices is one million.

The story for devices that allow installations from outside of Google Play wasn’t much worse, though there was a wide variance between different markets. For example, in English speaking markets 0.4 percent of devices had been installed with PHAs while in Russia the rate was between three to four percent. Meanwhile for China, where third-party stores are the norm, the rate was 0.8 percent.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags android malwareadwareverizonGoogle Playdata breachAndroid securityFireEyeadware appsransomwaremobile malwareGoogle

More about AppleCSOEnex TestLabFireEyeGoogleKasperskyVerizonVerizon Wireless

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts