The Android OS has been getting a lot of press lately, and a lot of it has been negative. Check out these headlines:
- 99% of mobile malware targeted Android devices last year
- Over 60% of Android malware steals your money via premium SMS, hides in fake forms of popular apps
- Squawk! Flappy Bird fakes are hatching Android malware
- Why Android devices are a security nightmare for companies
Wow. Sounds like the sky is falling!
Well, I love my Android devices, and I don't want to give them up, so I decided to dig into this a bit more. I went to Kyle Hendricks, one of our Android developers here at Barracuda. Here's what he has to say on the subject:
Android is safer than it is perceived to be. People think Android is unsafe because the Play Store is much more open and lenient than Apple’s App Store. For $25 you can submit an app to the Android Play Store and it is posted within a couple hours with very little inspection by Google. Google has more of a “lazy” method of finding badly behaving applications. They depend on the community and their in-house “bots” to find these bad apps. That said, Google has improved their security immensely in the past few years.
A lot of the concerns over Android security are based around FUD from the media. You see a lot of headlines and articles out there designed to get attention by scaring people. When Android suffers from a bad app or incident, it gets a lot of media attention.
Android users can also protect themselves from malicious applications simply by watching the permissions that apps request when they are installed. If it’s a game and it’s asking to read text messages, it’s probably malicious. Also, apps that have a decent set of (positive) reviews are probably trustworthy.
The XDA Developers have put together an article that summarizes a recent Android security report:
When installing from non-Google sources, under 0.5% of applications are flagged by the application verification system. Of these, under 0.13% of these applications end up being installed by the user, and under 0.001% of these attempt to evade Android’s runtime defenses. The actual number that is able to cause harm and evade these defense mechanisms is unclear, but if the data is to be believed, it would reason that this number is smaller than 0.001% of applications that users attempt to install.
If you'd like to see the data and more information about the layers of security in Android, check out this presentation by Google’s Android Security Chief, Adrian Ludwig.
If you’d like to learn more about Barracuda’s research with Android, take a look at this Black Hat 2013 wrap-up on Barracuda Labs.
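The permission check Kyle describes above (a game asking to read text messages) can be automated. The following is an added example, not part of the original post or Kyle's comments: it parses `aapt dump permissions`-style output and reports SMS and call permissions that the app's category does not explain. The category baseline, the function names and the sample dump are constructed assumptions.

```python
import re

# Real Android permission names that touch text messages or paid calls.
SENSITIVE = {
    "android.permission.SEND_SMS": "can send (premium) text messages",
    "android.permission.READ_SMS": "can read stored text messages",
    "android.permission.RECEIVE_SMS": "can intercept incoming text messages",
    "android.permission.CALL_PHONE": "can place calls without the dialer",
}

# Assumption: the sensitive permissions each app category plausibly needs.
EXPECTED = {
    "game": set(),
    "messaging": {"android.permission.SEND_SMS", "android.permission.READ_SMS",
                  "android.permission.RECEIVE_SMS"},
}

# Accepts both "uses-permission: NAME" and "uses-permission: name='NAME'".
_PERM = re.compile(r"^uses-permission:\s*(?:name=')?([A-Za-z0-9_.]+)")

def requested_permissions(dump_text):
    """Return the set of permission names found in the dump text."""
    perms = set()
    for line in dump_text.splitlines():
        match = _PERM.match(line.strip())
        if match:
            perms.add(match.group(1))
    return perms

def unexpected_permissions(dump_text, category):
    """Return sensitive permissions the category baseline does not explain."""
    if category not in EXPECTED:
        raise ValueError("no baseline for category: " + category)
    allowed = EXPECTED[category]
    return sorted(p for p in requested_permissions(dump_text)
                  if p in SENSITIVE and p not in allowed)

# Constructed sample: a fake game that asks for SMS access.
SAMPLE_GAME = """package: com.example.flappyclone
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: android.permission.READ_SMS
"""

if __name__ == "__main__":
    for perm in unexpected_permissions(SAMPLE_GAME, "game"):
        print("review before installing:", perm, "-", SENSITIVE[perm])
```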
Kyle Hendricks has been with the Copy team since November 2011. He’s worked on the Android app and the desktop agents, and is currently head of the Copy mobile team. Connect with Kyle here on LinkedIn.