Mobile Malware: No Big Deal?
Verizon’s security research team wants you to know that the odds of catching a truly serious malware infection are about 0.03 percent, about the same as the average odds of being struck by lightning during a lifetime. So should we worry? Read on for the details, and my recommendations... |
How Common is Mobile Malware?
Verizon, in its annual Data Breach Investigation Report (DBIR) considers malware that does more than just annoy you with unwanted ads to be “high-level” and counts it towards that 0.03 percent. (Counting all “unwanted software,” Verizon’s DBIR partner Kindsigh Security Labs came up with 0.68%, more than 22 times the “high-level” infection rate.) The sample population is “tens of millions” of Verizon Wireless users.
How Verizon Wireless determines who has a malware infection is not revealed. That omission should provide fuel for conspiracy theories about Verizon “spying” on customers’ phones and tablets. The closest the DRIR report comes to admitting this is: “We feel safe saying that while a major carrier is looking for and monitoring the security of mobile devices on its network, data breaches involving mobile devices should not be in any top-whatever list.” (Let’s not be coy, “major carrier.” And please, use a cogent tech writer for next year’s DBIR instead of a flowery and imprecise PR hack.)
When it comes to operating systems, Android is virtually the exclusive target of malware that Verizon found. The DBIR says that most of the attacks on iOS (iPhone and iPad) devices in its study turned out to be Android malware that picked the wrong target and failed.
FireEye, a security research firm and one of the DBIR’s contributors, studied 7 million mobile apps on iOS and Android during 2014. Ninety-six percent of malicious mobile apps targeted Android, they found. Golfers, campers, and other outdoorsy types are more likely to be hit by lightning, and Android users are more likely to catch malware than iOS users. Still, the average rate of infections on both platforms is just 0.03 percent, or 0.68 percent if adware really annoys you.
Adware is often spyware, too, notes FireEye, collecting personal information from the user (often with the user’s cooperation!) and delivering it to who-knows-who. This observation seems to have escaped the Verizon authors of the DBIR. Advertising is an increasingly favorite way for app developers to pay their bills; FireEye says adware-laden apps increased from 300,000 in 2013 to 410,000 in the first three quarters of 2014.
Mobile malware, like the mayfly, is extremely short-lived, the DBIR reports. Four out of five new malware species vanish from the mobile ecosystem after just a week, while 95 percent survive no more than a month. A never-ending torrent of new malware variants enters the wild simultaneously, keeping anti-malware software on its toes.
Where Does Mobile Malware Come From?
One thing that bothers me about this report is that (like so many others that discuss malicious apps) it does not say whether the malicious apps came from the Google Play store, or some sketchy third-party app store. Downloading apps from the latter requires explicit permission from the user, and these third-party app sources are notorious for not policing submissions.
Verizon’s bottom line is that yes, Android mobile devices are clearly vulnerable to malware, but actual instances of "serious" infections are still very rare. The question they do not address is whether or not smartphone users should install anti-malware apps. To be fair, the DBIR report is focused on malware being used as an attack vector against business networks. But here's my opinion...
Two years ago, I wrote the following in Do You Need Mobile Security Protection?:
If your smartphone activity is centered on talk, text, email or web browsing, I don't see a risk that warrants anti-malware protection. If you're into apps, follow these rules to stay safe:
- Don't download from third-party app stores such as GetJar, where oversight is lacking or less stringent. If you're outside the USA, be aware that malware abounds in Chinese and Russian app markets.
- Before downloading an app, check the permissions that the app is requesting. If an app wants permission to make phone calls; the ability to send, receive or access your SMS messages; or access to your contacts, calendar or camera, those may be red flags, unless it seems obvious that the app would need to do those things.
- Don't download apps that have been on the market less than a month, and only then if they have several thousand downloads and lots of good reviews.
I stand by those recommendations, but if you feel that you need additional protection, AV-TEST has a list of mobile anti-malware apps, along with ratings and reviews. You'll find products from familiar security vendors there, including AVG, Avast, Avira, Bitdefender, Kaspersky and Norton.
Have you experienced a malware problem on your mobile device? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 1 May 2015
For Fun: Buy Bob a Snickers. |
Prev Article: Whose Car Is It Anyway? |
The Top Twenty |
Next Article: Install Google Password Alert? |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Mobile Malware: No Big Deal? (Posted: 1 May 2015)
Source: https://askbobrankin.com/mobile_malware_no_big_deal.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Mobile Malware: No Big Deal?"
Posted by:
Charley
01 May 2015
I've been using Lookout for years, but it wasn't tested in AV-Test. But now I am considering switching to one of the others (AVAST, CM).
Posted by:
Ron
01 May 2015
Is what I've heard about the FASHLIGHT app on both IOS and Android true?
EDITOR'S NOTE: See http://askbobrankin.com/is_your_flashlight_app_spying_on_you.html
Posted by:
Rhonda Lea Kirk Fries
01 May 2015
I've used Lookout since I got my first smartphone (paid plan--first by me, now still by me but through T-Mobile as part of the protection plan).
I also don't use free apps. (Google Apps would be an exception.) Free apps and their ads are the worst thing for a phone. Slows them down and makes them vulnerable. I do use the Amazon App store, but not often.
Posted by:
Sandy
02 May 2015
Installed AVG mobile on phone; nary a problem, ever.
Posted by:
Snert
02 May 2015
This is good info. Be aware, they're out to get you no matter what you do and they never quit as long as they can make the bck$$.
Posted by:
MmeMoxie
04 May 2015
I have been fully aware, of the problems for the Android Smartphones, with malware, viruses and the like. I am using Avast! Mobile, now.
When, I first learned of the malware and virus problems, on an Android Smartphone, I found a company called Qin, yes, that is how it is spelled. There was Lookout Mountain, but, Qin seemed to have more security and yes, this program is from China. Well, they upped the annual charge for Qin and that is when I saw, that Avast! finally, had a Mobile Anti-virus program. Boy, I jumped on that, quick like and downloaded the program.
My Android Smartphone has been safe, with both programs.
Posted by:
Kjay
05 May 2015
Hi Bob
I have Malwarebyte and Bitdefender AV Free apps on my Android phone. Is android OS like Windows where they might conflict? and what is your opinion of these apps. I value your advice as always.
EDITOR'S NOTE: As far as I konw, they will not conflict. But MBAM mobile doesn't seem to get very good reviews.