The amount of malware available on Android phones jumped by more than 40 percent in the second quarter of 2013 according to research from security software company Trend Micro, showing there’s still a lot of channel opportunity for education, policy, and systems around mobile security.
A new report from Trend Micro finds the number of malicious apps on the Google Play app store rose to 718,000 in June, up from 561,000 in April, with the majority of new malware appearing as malicious spoofs of popular apps. The most popular modus operandi for Android malware remains subscribing unwitting downloaders to unwanted and expensive services (44 percent of all malicious apps), while data theft was a decent second at 24 percent of malicious apps.
There seems to be little reason to expect this growth to slow down. If anything, last month’s disclosure of the “master key” vulnerability in the Android security model – a flaw that researchers believe could allow virtually any Android app into a Trojan horse – could signal that there’s a lot more to come. And the “fractured nature” of the Android community, which makes it very hard to reach all users with an immediate patch for known vulnerabilities, continues to be challenging, said JD Sherry, vice president of technology and solutions at Trend Micro.
“Until we have the same urgency to protect mobile devices as we have for protecting PCs, this very real threat will continue to grow rapidly,” Sherry said. “At the rate this malware is accelerating – almost exponentially – we appear to be reaching a critical mass. To fight this, Android users need to take great care when using their devices and take the simple, but effective, step of adding security software to all mobile devices.”
While Sherry’s comments are directed primarily to consumer owners of Android, the popularity of devices based on Google’s mobile operating systems and the emergence of BYOD as an industry-shaping trend means mobile malware is as much a corporate issue as a consumer one.
A recent survey from the Ponemon Institute on behalf of cloud backup company Acronis shows that fully two thirds of companies allow personal devices on the corporate network, but education is sadly lacking, with just one in five organizations educating employees on privacy and security risks around using their personal devices on the network.
Trend Micro isn’t alone in noticing a dramatic upswing in the amount of malware on Android – Kaspersky Lab’s chief malware expert Alex Gostev this week said the company is detecting 5,000 new mobile Trojans every week.
Trend Micro’s Channel Mobile Security Discussion
Studies like Trend Micro’s on the rising tide of mobile malware can serve as a starting point for a discussion with clients about mobile security concerns, which itself can easily turn into a much broader and higher-value discussion about company policies, procedures and systems around mobile devices in specific and BYOD strategies in particular. Of course, as with any security sale, solution providers would be well served to stick as close to the facts as possible, and to downplay any real or perceived attempts to sell on fear, uncertainty and doubt.
Moving quickly away from the “hey did you hear” news bite of rising mobile malware rates and into a business value discussion around BYOD means the discussion is less about selling insurance (or selling on fear) and more about improving employee productivity and satisfaction.