Malicious code infections on Google’s Android operating system tripled in 2012.
That’s according to mobile security firm NQ, who found that the 32.8 million devices running Android became infected last year. That’s a rise from the 10.8 million devices that were infected in 2011. In addition to the rise in infections, NQ also found that of the 32.8 million infections, 95% of them were actually specifically designed to exploit devices running Android.
Of the 32.8 million infections, most of them centered around three ways to take advantage of user’s devices: Smishing, application repackaging and navigating to malicious URLs.
NQ’s research points to app repacking is the most common way users manage to infect their device. Developers with malicious intent will add code into copies of popular applications, then make those applications available to users. Once installed on the user’s device, the developer would then be able to have that application collect the user’s data in the background without the user knowing. For example, last year a fake version of photo sharing application Instagram was downloaded 5 million times before it was found to contain malicious code.
Malicious URLs work in much the same manner, though instead of being installed on the phone, the user would need to have visited a website that contains the malicious code. Once the user navigated to the website, the code would then take advantage of any exploits in the mobile device’s browser code.
Lastly, Smishing centers on profiting from an infected user’s wireless bill. Using social engineering, developers with malicious intent would text or IM messages with links to malicious code. The report notes that one of the most popular techniques for smishing users involves automatically downloading expensive messages known as Premium Rate Service images over and over again to devices. These messages usually cost $4 each.
According to the report, devices running Android are susceptible to these attacks for reasons that are, in most cases, unique to the operating system. Operating system fragmentation is a particular issue for the Android ecosystem as a whole. 39% of Android devices being used are still using Android “Gingerbread” two years after it was introduced. As a result these devices aren’t running the security and software fixes introduced in later versions of the operating system.
Because of the open nature of Android, users can and do download from more places than the Google Play Store. Though Google Play doesn’t check the code inside applications when they are submitted, Google does monitor the Google Play Store for apps containing malicious code, and will remove them once found. Third-party app stores may or may not do this.
Personally responsibility also factors into Android’s high infection number. Android is susceptible to the very real and very unsafe habits of those who use it. NQ found that 58% of all 13-17 year olds in the United States own a smartphone. Not only are they more likely to own Android devices, they’re more likely to download applications that contain malicious code.