It’s no surprise that the open nature of the Android platform makes it a magnet for malware, but the type of malware becoming more prevalent illustrates the blurring lines between legitimate apps that gather data for company use and those that violate users’ privacy.
“Though most adware are designed to collect user information, a fine line exists between collecting data for simple advertising and violating one’s privacy,” the report released today said. “Because they normally collect user information for legitimate purposes, they can serve as an effective means to gather more data than some would want to give out.”
Characteristics of such aggressive mobile adware include persistent ad displays to generate a profit for app developers and apps that gather personal information without explicit consent, such as call histories and locations.
Trend Micro said the rise of such high-risk apps help account for a nearly sixfold increase during Q3 2012 in malware targeting the Android platform — from 30,000 in June to almost 175,000 between July and September.
Ad networks are particularly troublesome. Some such networks provide in-app libraries that cull more data than developers declare and fail to alert users.
“App developers can either choose to closely examine ad libraries and ask their ad network to modify their code or rely on another ad network. We believe that the value of information stolen from users far outweighs the cost of due diligence on the side of developers and the ad networks that support them,” the report’s authors stated. “Even worse, we’ve now seen evidence of mobile apps being developed as targeted attack tools. Attackers are no longer just limiting their sights to computers as points of entry into target networks. Android’s popularity has definitely not gone unnoticed.
“The fact that only 20 percent of Android device owners use a security app does not help.”
Also noted in the quarterly report was an increase in ZeroAccess malware, which is popular on peer-to-peer networks and now able to patch system files. It moved to first place in rankings with more than 900,000 detections.
In addition, Saudi Arabia was the top spam-spewing nation, accounting for 21 percent of all worldwide spam. India was second with 18 percent.