Google’s Android has seen rapid growth in the mobile operating system (OS) space over the past couple of years, overtaking Apple’s iOS, at least on smartphones. Android is the mobile OS used on over half the mobile phones nowadays, which makes an interesting target for the creators of malicious software, also referred to as malware.

Juniper Networks reported a 472 per cent increase in Android-targeted malware between July and November of last year.- Christina Goggi

Malware has been around for a while now in the world of PCs, and comes in many forms, from viruses and worms to Trojan horses and spyware. Malware is designed to either tamper with the operating of a PC or software-operated device, to gain access to systems or to gather sensitive information.

Whereas in the early days (during the 1980s and 1990s) most malware was simply created as a form of vandalism, spread through shared floppy disks, nowadays the majority of malware creators design their code with the intent of financial gain. Using internet access as a tool, malware creators aim to gain access to systems or to collect sensitive information, such as passwords, credit card details or financial records.

Most PCs nowadays have some form of antivirus or anti-malware software installed to prevent malware infection, making the traditional computer less lucrative for malware creators to target. Instead,the rise of new mobile operating systems, with internet access and high browser use, offers an opportunity to target users more effectively.

In the case of Android, antivirus apps have been available since the early days of the platform, though they were probably piggybacking on users’ perceived need to install an anti-malware tool, after having been taught to do so on their regular desktop PCs and laptops.

Yet malware threats on Android are a reality now. In March 2011, Lookout security reported a piece of malware called DroidDream, which had the ability to get full access to Android devices, allowing it to take full control. Although Android was quickly patched to prevent DroidDream from wreaking havoc, Juniper Networks reported a 472 per cent increase in Android-targeted malware between July and November of last year.

Android has proven to be much more vulnerable than other mobile operating systems, such as Apple’s iOS. Being open source in nature (Android’s source code, or software blueprint, is available to software developers), Android is inherently more susceptible to malware, since malware creators can more easily find flaws in the system and exploit them.

Mobile operating systems, like traditional PC operating systems, can be targeted through web browsing (accessing websites which have been set up with a piece of malicious code which gets installed when the user visits the site), though for the time being there are few such cases in existence. However, the wildly popular use of mobile apps has become another source of malware threats and the vast majority of Android-based malware comes from malicious apps. Although Apple’s App Store closely scrutinises any app that is submitted by app developers to their approval process, Google Play, Android’s app market, is far less cautious with the apps it allows to be published on the platform. It’s estimated that even when an app is reported to Google Play as being malicious, it can take between two to four weeks for the same app to be removed. Moreover, Google Play allows other publishers to set up their own app markets, Amazon’s App Store being a case in point, opening another door for malware creators.

Traditional viruses, which spread between PC systems, don’t exist on Android as yet, though there are plenty of other types of malware which try to trick Android users. Malware-laden apps sometimes act like traditional Trojan horses: simply opening the door for more malware to be installed without the user being aware. The covertly installed malware then tries to grab passwords, take over Google accounts and copy sensitive documents which may be stored on the device.

Google Play already lists a large choice of anti-malware and security apps. However, do all of these apps really work? Moreover, do Android users really benefit from having one installed on their devices or can they do without one?

There are a few drawbacks with installing an anti-malware app on your mobile device. First, these apps are known to increase the load on the already poorly performing batteries most smartphones are equipped with nowadays. Secondly, as is the case with PC-based antivirus software, such apps impact the device’s processing speed, meaning other apps running on your phone may become slower or jittery in operation. Thirdly, although no cases have yet been reported, in the future anti-malware apps which look legitimate may actually be malware in disguise.

It’s estimated that even when an app is reported to Google Play as being malicious, it can take between two to four weeks for the same app to be removed- Christina Goggi

AV-TEST, a German institute for IT security, regularly examines anti-malware tools and their effectiveness in cleaning malware from infected devices. Their most recent test for Android anti-malware apps (March 2012) shows that only a handful of these apps catch over 95 per cent of malware used in the tests. Moreover, it’s mostly the more well known vendors for PC-based anti-malware software that perform well. Although some providers offer free and paid options, often the free version is just as effective.

Whatever you choose to do when it comes to malware protection, it’s always wise to prepare for a worst-case scenario by using a backup tool or a trusted cloud-based service which automatically syncs your data between your mobile device and your PC or laptop. Anti-theft tools are also available, allowing you to remotely access an internet-connected Android device, lock it from use and wipe clean any (hopefully backed up) personal data.

In the end, as with traditional PC use, the best form of defence against malware starts with educationand common sense.

Setting up defences

AV-TEST suggests that although effective apps are available, there are still relatively simple steps Android users can take to prevent rather than cure malware.

Without installing an anti-malware app, users can avoid headaches, or worse, caused by malware through taking these steps:

Before downloading an app, be sure to have a look at the app’s publisher. Have they published other apps with good reviews and at least a thousand downloads or so, and are reviews available when you search for the app’s name? If you’re considering an app which is still relatively new, be especially cautious.

Don’t install Android apps (called APKs) directly from a (micro) SD card, since the source could have tampered with the app.

When you install an app and you’re asked to allow certain permissions to the actual app, have a look and see whether suggested permissions make sense to have. For example, does an app that helps you count calories really need to have access to your address book? Probably not.

Finally, and most importantly, only use legitimate sources for apps, such as Google Play and keep your device’s security settings in check, in particular the ‘Unknown Sources’ option under the Applications menu, which should be deselected to prevent any other apps than those offered by Google Play to be installed.

Christina Goggi is a web marketing content specialist and a regular blogger on various technology websites.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.