Since the launch of Trend Micro™ Longevity for Android™ Beta only 2 months ago, our users have made over 850,000 queries to our cloud-based Mobile App Reputation technology to get power usage ratings. This has brought to the surface an alarming statistic – only 20% of Android smartphone and tablet users have a security app installed on their device.
It’s hard to imagine that in a world where people’s personal lives are tracked and stored on their smartphones, and where most wouldn’t even consider running a home PC without security, we continue to see a blissful ignorance of the risks of smartphone usage.
Responses from people I speak with range from “There aren’t any viruses for phones, are there?“ to “I didn’t even know that you could get security apps for your phone.” And then there’s this one that stands out: “Google checks all the apps that are available so I will be safe.”
Google checks all the apps, right?
This last statement is the one that concerns me the most. Yes, Google is trying to control the apps that are available on Google Play and remove any potential security risks. However, this is like saying I’m going to leave my car unlocked with my camera, wallet, and driver’s license on the front seat while I watch a game at Cowboys Stadium, Wembley, the MCG or Stade de France, thinking I’ll be OK because there is a security guard walking around the parking lot looking for suspicious people.
Google says that they have 850,000 new Android device activations every day. Imagine that security guard protecting 850,000 new cars every day (in a parking lot that is getting exponentially bigger), 680,000 of which are unlocked with valuables on the front seat. There is a reason why we all have locks and alarms on cars….and we use them!
Source: Trend Micro Malware Blog – Jan 5, 2012
Trend Micro threat researchers predict that by the end of 2012 there may be over 120,000 malicious Android apps available. There are currently around 450,000 apps in the Google play store, and countless more available on the range of third party stores such as Amazon, Telco Carrier stores, independent global markets, and regional specific sites.
Source: www.AppBrain.com – May 2012
We have also discovered servers hosting malicious apps that are tricking people to download their wares. With the current growth rate in apps, we could see over 600,000 apps on Google Play by year’s end and maybe 1 million individual apps spread around on different sites on the net.
Why is all of this important you may ask? If you take the prevalence of traditional malware – AVtest.org estimates that there are just over 70 million malicious programs for traditional computers (tracked since 1984), this is a very small fraction of the total number of programs and files that have been written for Windows, Mac and Linux over the years.
The chances of stumbling across a malicious Android app are higher than a malicious PC program.
Now, with the estimate by year’s end of 120,000 malicious apps on Android from a total of 1 million – the ratio is 12%. These apps are generally concentrated either in app stores or related websites, and Android users are funneled to these locations to fulfill their app needs. So if you compare this to all the malicious programs spread across the entire Internet for traditional computers, then there is a much higher possibility of an Android user coming across a bad app. Why then is the current level of protection and the perceived need for protection so much lower amongst consumers?
This disparity is cause for concern to the public. For cybercriminals, it’s cause for celebration. For Trend Micro and the entire security software industry, it’s cause for more work as we need to do a much better job of educating the public about the dangers of their digital lifestyles, regardless of the device they choose to use.
I work for Trend Micro and opinions expressed here are my own.
To receive daily tips and alerts regarding Internet security, please follow Trend Micro “Fearless Web” Internet Security on Facebook at www.facebook.com/fearlessweb.