Jump to content

Android is almost impenetrable to malware


securitybreach

Recommended Posts

securitybreach

Contrary to what you’ve heard, Android is almost impenetrable to malware

 

image-1-mlod1.png?w=1024&h=579

 

Until now, Google hasn’t talked about malware on Android because it did not have the data or analytic platform to back its security claims. But that changed dramatically today when Google’s Android Security chief Adrian Ludwig reported data showing that less than an estimated 0.001% of app installations on Android are able to evade the system’s multi-layered defenses and cause harm to users. Android, built on an open innovation model, has quietly resisted the locked down, total control model spawned by decades of Windows malware. Ludwig spoke today at the Virus Bulletin conference in Berlin because he has the data to dispute the claims of pervasive Android malware threats.

 

Ludwig sees security in biological terms:

 

“A walled garden systems approach blocking predators and disease breaks down when rapid growth and evolution creates too much complexity. Android’s innovation from inside and outside Google are continuous, making it impossible to create such a walled garden by locking down Android at the device level.”

 

He stated Google’s mission in defending against malware in terms more closely akin to the Center for Disease Control (CDC) than the PC security industry.

 

“The CDC knows that it’s not realistic to try to eradicate all disease. Rather, it monitors disease with scientific rigor, providing preventative guidance and effective responses to harmful outbreaks.”

 

The problem Google wants to solve is that most independent security researchers don’t have access to a platform such as Google’s to measure how many times a malware app has been installed. They are analogous to human disease researchers without a CDC to measure the size of a disease outbreak and coordinate a response. Security researchers are very good at finding and fixing malware, but in the absence of reliable data that indicate how frequently a malware app has been installed, the threat level can become exaggerated. Reports that reach publication are often extremely exaggerated. To emphasize this point, Ludwig revealed in his analysis that some of the most publicized recent malware discoveries are installed in less than one per million installations.

 

A recent leaked report (pdf) from the Department of Homeland Security (DHS) found that most Android malware was installed via text message. We’ve asked DHS to confirm its findings but have gotten no response at this time. This is what Ludwig had to say:

 

“An application that a user installs from a link within a text message would be included in these statistics [reported today in Berlin]. Some of the short one to two day increases in ratio of installs per million apps can be attributed to text messaging or email spam campaigns.”

 

Contradicting these anecdotal reports, Ludwig’s analysis indicates that Android malware is not as significant a threat as has often been reported. Ludwig suggests that combining Google’s data driven approach with the research efforts of the industry will improve Android’s malware defenses going forward......

http://qz.com/131436...ble-to-malware/

  • Like 1
Link to comment
Share on other sites

ya know , throwing down a gauntlet to the bad hackers out there is not really a good idea.

plus, i think a major point is being missed - the really good hacks use social engineering as part of the hack.

20 dead bolts don't help much if you open the door a crack to see who is there :)

  • Like 3
Link to comment
Share on other sites

V.T. Eric Layton
20 dead bolts don't help much if you open the door a crack to see who is there :)

 

Darn right!! I love that :thumbup:

 

Need a peep hole. :)

Link to comment
Share on other sites

Hello,

 

Article is from October 2013.

 

Frankly, there's a lot more PUAs (potentially unwanted applications), adware and programs that verge on spyware with Android than there are things like viruses and worms. It is a somewhat-nuanced discussion, but claims about Android invulnerability typically focus on the latter type, as opposed to the form.

 

If malware really isn't a problem, though, perhaps Google should remove all existing anti-malware apps from its Play Store and not allow their upload, either, just like Apple and Microsoft do for their respective smartphone app stores.

 

Regards,

 

Aryeh Goretsky

  • Like 1
Link to comment
Share on other sites

securitybreach

Well most of the problems are sideloaded applications and free knock off apps of paid apps. I have been using Android since 2008 and I have never once seen a piece of malware. I have only been using eset for a little over a year now.

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...