Google talks Android malware

mercurial

MyBB Legend
Joined
Jun 12, 2007
Messages
39,209
Google Talks Android Malware, Estimates That .001% Of Apps Evade Defenses And Harm Users

You hear a lot of reports about malware and other undesirable third-party apps these days, especially from security researchers (and people who want to sell you something to make you feel safe). It's undeniable that malicious apps are a problem on an open system, but new data from Google indicates that the amount of actual harm being done might be negligible. QZ.com reports on a presentation from Google's Android Security Chief Adrian Ludwig at the Virus Conference in Berlin. He estimates that .001% of Android apps are able to get past Google's defenses.

nexusae0_image-4-mlod-with_thumb.png

That number includes both apps on the Google Play Store and 1.5 billion side-loaded or non-Play Store app installs, at least on devices that also include the Play Store and its Verify Apps feature. (So Amazon's Kindle tablets and other Android-based devices without Google services aren't part of the equation here.) Verify Apps catches about .5% of non-Google Play installs and gives users a warning that they might be harmful. Of that .5%, Google estimates that 40% are community-created "rooting tools" (potentially dangerous, but not really malicious), 40% are fraudulent apps that try to steal money from the user's bill by making premium calls or text messages, and 15% are spyware, with the remaining 6% being mostly malicious apps that don't fall into the previous categories.

Approximately .12% of users choose to ignore the warnings from Verify Apps and install anyway, and Google considers this an effective deterrent for malware. Compared to, say, the User Account Control functions in the latter versions of Windows, it's hard to argue with them. The graph below shows the ratio of side-loaded apps since Google started tracking late last year, with the apps that were flagged represented by the red bar.

nexusae0_image-2-app-installs-histogram-1_thumb.png

Google has a vested interest in presenting Android as inherently safe, and these numbers don't mean that you should be any less careful with apps on or off of the Play Store. But it does indicate that at least some of the media fervor over the lack of security on Android might be somewhat overblown. Adrian Ludwig compared the current state of app security to a biological outbreak in which researchers and media don't have any hard data from the CDC to gauge a real threat. Now that the risk has been quantified, Google and the security community should be better-equipped to deal with the problem.
Source
 

AlphaJohn

Executive Member
Joined
Sep 10, 2012
Messages
7,091
Problem is security is as strong as your weakest link.

The OS can be so strong that there is not a single hack point, and all it takes is a custom keyboard that sends your keystrokes off to some server on the net where it can be analysed. Example entering banking usernames and passwords can be easily captured and used. Looking at app permissions doesn't help much either as there is not a single keyboard on the market that do not have network access. Most claim this is for language packs or such but ultimately you have no clue what that app is doing. So yeah the OS is secure and no mallware can install by itself but the user in this case is the weakest link and man are some users dumb so will install anything from any place.

PS I love Android and will never switch but I just wish the dam OS came with a proper permission management system where I can disable some functions I deem apps should not have or even just let the apps prompt me before they do said actions. Example above, I would like to block my keyboard's internet access and when it wants to update should prompt me 1st.
 

Mokrayz

Well-Known Member
Joined
May 24, 2012
Messages
210
Per app permission control is coming to android 4.3. Some custom roms already has the feature. Like Rootbox I have on s3. I have been using android devices for a few years now and was very worried about viruses on my first devices. Havent used an anti virus on s3 ever since I notice it only slows the phone down and never had problems with viruses. I must agree with you cause the same thing with my PC. I havent had a serious virus problem for years, but then I have friends who I regularly have to help with removing viruses on their PC's. So its important to understand where viruses come from and to always be aware of what you install and the source of the app. If your downloading apps from share sites there is no guarantee that your data isn't already being sent to somebody phishing for your personal details.
 
Top