I’m an Android user by default. I don’t like the Apple devices, and the other options out there didn’t fit my needs. But one of the first things I do whenever I acquire a new Android device is to make sure I’ve downloaded security apps from trusted sources. I do so because I know that Android is extremely susceptible to malware.
I never realized really how susceptible Android was until recently. A new report from Kaspersky Lab found that in 2013, nearly 100,000 new malicious programs for mobile devices were detected, more than doubling what was found in 2012, and 98.1 percent of all mobile malware detected in 2013 targeted Android devices. The number of malicious applications used by cybercriminals is in the millions.
More alarming in my opinion is a report from RiskIQ that found that malicious apps found in the Google Play store increased by 388 percent between 2011 and 2013. Almost 13 percent of the apps downloaded from Google Play in 2013 were loaded with malware. That’s alarming because Android users are constantly told not to download apps from third-party sources, but rather download through Google Play. Now we’re being told that Google’s own app store is not safe either? It doesn’t have me tossing my Android devices and buying iOS ones instead, but it does have me thinking twice before downloading any app.
You may be thinking you’re safe if you have security apps on your devices and you make sure they are regularly updated. That should keep your device safe from bad apps, right? That’s what I thought, too, until I read further into the Kaspersky Lab report. As researchers Victor Chebyshev and Roman Unuchek wrote in a SecureList post:
Criminals are increasingly using obfuscation, the deliberate act of creating complex code to make it difficult to analyze. The more complex the obfuscation, the longer it will take an antivirus solution to neutralize the malicious code. Tellingly, current virus writers have mastered commercial obfuscators.
So, no matter how good my security software is, the bad guys have gotten very good at getting around it.
These reports should also be kept in my mind when creating BYOD policies. We can no longer trust that our security systems work, and thus, the primary security on a device should not be security software.