Mobile // Mobile Devices
Commentary
12/20/2012
10:33 AM
Larry Seltzer
Larry Seltzer
Commentary
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

Android Fails in Mobile Malware Research

There are many more malware-infected Android devices out there than you might think. It's all because the Android ecosystem and Google Play store are more friendly to malware and exploits than iOS and the Apple App Store or Windows 8, Windows Phone and the Windows Store. There's some, but not much reason, to think things will improve for Android in the near future.

What about Windows? Microsoft's Windows Store sells apps for Windows 8, Windows RT and Windows Phone. All of this is a bit young and market share is small enough that it's possible nobody has even tried to submit malicious code, but Microsoft has gone to some trouble to prevent it. The software giant has credibility in this, as over the last 10 years it has transformed desktop and server versions of Windows from security jokes to industry leaders.

Microsoft provided me with these links for app security provisions:

Windows 8 implements all of the techniques in Windows 7 to protect against malware and some new ones, most importantly (as I see it) a new generation of SmartScreen. SmartScreen is a reputation system. For some time it has been used by Internet Explorer to determine whether a web site is known to be safe, unsafe, or if it has never been seen before. Windows 8 extends this reputation system to files generally. See the screen capture below:

Because of the enormous installed base of Windows and Internet Explorer, the reputation system has great credibility. Windows 8 also comes with a version of Windows Defender to act as an anti-malware solution if you don't have a third-party product installed.

Apple's rules and procedures for developer identity verification and vetting of programs ("We review all apps to ensure they are reliable, perform as expected, and are free of offensive material") are famously thorough and strict. Microsoft's developer ID requirements and procedures are also fairly thorough.

Google asks few questions and I see no evidence that they verify anything meaningful. In fact, by keeping fees the lowest in the business, minimizing identification requirements and making a joke out of code signing they have created the perfect low-cost/low-consequence environment for writing malicious code.

Strong controls keep malware out of Apple's App Store and weak controls in Google Play invite it in. Trail of Bits found 30 malicious app campaigns on Google Play and none in the App Store. Source: Trail of Bits

It's simply too early to tell whether malware and other malicious app behaviors will be a problem for Windows Phone, Windows RT or Windows 8 apps. But it's certainly not too early to reach a verdict on Android: Google has failed to implement sufficient controls and malactors have rushed in to take advantage. The overall numbers may be low as they represent only a small percentage of installed base, but they're big in absolute terms. Be careful out there.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.