If it seems like every other week, a new report comes out likening the growth of risky Android malware to the spread of the flu in a crowded office, it’s not your imagination.
Here are two more warnings that have recently come out:
Android malware spreading like wildfire
In Q1, the number was around 3,000. In Q2, the number jumped to a little over 5,000. But in Q3, the total number increased more than 10 times that — to 51, 447 to be exact.
The company believes cyber criminals are mostly producing variations on a theme, reusing code and making slight changes, as each of the 50,000-plus malicious apps were a single instance of 67 malware variants.
The fact that the hackers aren’t reinventing the wheel each time they code a new piece of malware helps explains the exponential growth.
Potentially risky apps threaten businesses
The other report, from security vendor Bit9, found the number of potentially risky Google Play apps is now somewhere around 100,000 (out of 400,000 total). Which means there’s now a one in four chance that an app from Google Play is untrustworthy.
The risk comes from the permissions requested by the apps. Bit9 says the dubious apps request permission to access sensitive information they have no business asking for, such as location data or call history.
Of course, just because a Google Play app is labeled “risky” doesn’t mean it’s illegitimate. But, merely having access to sensitive information presents a security risk. Whether app developers intend to exploit the security holes or not, the opportunity exists for someone to access data they shouldn’t.
Here’s an infographic Bit9 created to illustrate the problem:
So what to do with this information? For companies with burgeoning BYOD programs, or those that issue mobile devices to employees, clearly security needs to be top-of-mind. The most common recommendations from mobile security experts are:
- At the very least, insist users install mobile anti-virus software
- And tell users how to identify risky apps before they click download.
- Better yet, use Mobile Device Management software to manage the devices that connect to your network and block risky user behavior, and
- Isolate mobile devices on a segregated part of your network so if someone unwittingly downloads malware, it can’t access critical company data.