or Connect
AppleInsider › Forums › Mobile › iPhone › Lookout, Retrevio warn of growing Android malware epidemic, note Apple's iOS is far safer
New Posts  All Forums:Forum Nav:

Lookout, Retrevio warn of growing Android malware epidemic, note Apple's iOS is far safer

post #1 of 53
Thread Starter 
Security firm Lookout is sounding alarm of a growing trend in Android malware, while market research company Retrevo notes that Android users are the least prepared and informed about malicious mobile software. Both note that Apple's stringent control over iOS has resulted in a far safer mobile platform for users.

Lookout collects information from ten million devices globally via integration with more than 700,000 apps. The firm reports an 85 percent increase in the number of mobile malware detections among its monitored users, noting that Android users are 2.5 times as likely to encounter malware than just six months ago.

In the first half of the year, Lookout reports that unique Android apps tainted with malware had grown from 80 to more than 400 titles by June. Even so, Lookout noted that "while [Android] malware has increased at a faster rate then spyware, Android users are still slightly more likely to encounter spyware than malware."

In contrast, there are no known iOS malware or spyware apps in the App Store. As Lookout states, "currently, malware and spyware have primarily targeted Android devices, though there are commercial spyware applications available for jailbroken iOS devices."

The open nature of Android's official Google Market, Amazon's Appstore, and other alternative download sites has enabled malicious users to easily add malware to existing legitimate apps and then repost them for sale or free distribution. One example of this, known as DroidDream, has been added to at least 80 different Android titles, using a process illustrated by Lookout (below).



Lookout also drew attention to a new risk for Android Market users it refers to as an "update attack." The firm notes that "recently, malware writers have begun using application updates as an attack method in the Android Market. A malware writer first releases a legitimate application containing no malware. Once they have a large enough user base, the malware writer updates the application with a malicious version."

Malvertizing also unique to Android

Another vector for malware distribution on Android devices is tainted web links, where users are directed to click on links (sometimes through legitimate looking mobile ads) that open up a web page and cause tainted software to automatically be downloaded to the device.

Lookout warns the this new threat, referred to as "malvertizing," has successfully ensnared about three out of ten users and that the practice is growing.

The design of iOS prevents software from being directly downloaded off the web, although web based exploits can be used to attack Apple's devices. "Thankfully," Lookout notes, "we havent seen evidence of these exploits being used maliciously; they were primarily used to allow users to jailbreak their devices."

Both iOS and Android users can fall prey to phishing scams, which don't necessarily involve any breech of security or installation of malware. Instead, users are simply tricked into supplying their login credentials, credit card information, or other data through a social engineering scam.

Mobile security through software patches

Protection from the potential security threats of exploitable software is delivered through firmware and OS updates. Lookout notes that among Android devices, "it is up to device manufacturers to produce a device-specific firmware update incorporating the vulnerability fix, which can take a significant amount of time if there are proprietary modifications to the devices software."

Android licensees often take between three to six months to deliver the latest updates to their users. Apple provides updates that users can install the same day they are made available, as there are no middleman hardware makers or carriers to hold up the rollout of such software. Still, many users fail to update their iOS devices, Lookout notes.

"Many users simply plug their iOS devices into an outlet to charge them and rarely sync. According to one report, as many as 50 percent of iPhone users do not regularly sync with iTunes and thus are unlikely to receive critical security updates," Lookout states.

The firm adds that "Apple has announced that its upcoming iOS 5 will support firmware updates downloaded over the air and will not require syncing with a computer to apply them."

Mobile security from physical threats

An additional risk noted by Lookout involves physical threats, where a user's phone is lost or stolen and sensitive information can be recovered. In this respect, users can protect themselves using password protection or other precautions to protect their data.

A report by Retrevo notes that out of a 1,000 users, 61-62 percent of iPhone and BlackBerry users were using password protection, while only 49 percent of Android users were. Conversely, only 29 percent of iPhone users said they having done anything to prevent others from misusing data on their phone, while 39 percent of Androids users said they weren't doing anything.

The firm reported similar numbers on the awareness of viruses and malware, stating, "Apple iPhones are much less susceptible to malware partly because more stringent oversight from Apple keeps iPhone owners out of harms way. The open sourced-based Android phones are much more susceptible to malware however it appears that fewer Android owners are aware of this."



While 36 percent of iPhone owners reported thinking that their phone could be infected by malware, only 32 percent of Android users were aware of any risk, despite the sharply growing threat among Android phones and the far greater likelihood of infection due to the permissiveness of Google's software platform design.

In terms of recovering a lost phone, only 26 percent of iPhone users said they didn't know how to use a recovery service (such as Apple's Find My iPhone), while 39 percent of Android users didn't know about recovery options. Conversely, 37 percent of iPhone users said they would use a recovery service, while only 18 percent of Android users said they would.
post #2 of 53
iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...
post #3 of 53
ok whats new in this post? anyone?
Happy DiNo ***MAC Pro*** 2X 3.2GHz Quad-Core Intel Xeon 32GB RAM Mac Pro RAID Card 2 X 300GB 15,000-rpm SAS 2 X 1TB 7200-rpm Serial ATA 3GB/s NVIDIAQuadro FX 5600 1.5GB 2X 16x S-Drives AirPort...
Reply
Happy DiNo ***MAC Pro*** 2X 3.2GHz Quad-Core Intel Xeon 32GB RAM Mac Pro RAID Card 2 X 300GB 15,000-rpm SAS 2 X 1TB 7200-rpm Serial ATA 3GB/s NVIDIAQuadro FX 5600 1.5GB 2X 16x S-Drives AirPort...
Reply
post #4 of 53
Quote:
Originally Posted by JVP View Post

iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...

idiot...
post #5 of 53
Quote:
Originally Posted by twistedarts View Post

idiot...

I second that motion.
turtles all the way up and turtles all the way down... infinite context means infinite possibility
Reply
turtles all the way up and turtles all the way down... infinite context means infinite possibility
Reply
post #6 of 53
Quote:
Originally Posted by twistedarts View Post

idiot...

Sarcasm - maybe you've heard of it?
post #7 of 53
Quote:
Originally Posted by JVP View Post

iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...


THAT was your first post? Oh lord.

EDIT: Sorry, I missed the sarcasm as well
post #8 of 53
Quote:
Originally Posted by nitro View Post

ok whats new in this post? anyone?

Another pseudo white paper filled with alarmist 'information' and chock full of numbers and percentages? Think I'll pass on this 'news' article as well...
post #9 of 53
Quote:
Originally Posted by JVP View Post

Sarcasm - maybe you've heard of it?

Next time use sarcasm tags <sarcasm> </sarcasm>

:-)
post #10 of 53
This is of no surprise whatsoever.

Android fanboys will defend their platform simply by stating that the affected users were just too stupid to use a smartphone, and if they can't root their phone, or manage memory/battery resources, then they have no business using one.

Even certain (unnamed) android enthusiasts sites are entertaining the thought of having Google instantiate a sort of walled-garden approach like Apple. Hell is freezing over, and hypocrisy is all over the place.

As far as I'm concerned, iOS' App Store is still the best and most solid way to go. I don't want to have to think twice about whether or not I "trust" a certain app. Apple did it for me, and I have better things to do with my life than to start second guessing things I put on my iPhone. I'm beyond that now.

The dedication that fandroids have towards this broken security model will be their undoing. They're scared to death to admit that maybe, just maybe, Apple got this part right.

Keep eating your denial-pie boys.
post #11 of 53
Quote:
Originally Posted by JVP View Post

iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...

Don't worry, I caught the Mac OS X/Windows malware reference.
post #12 of 53
Couldn't somebody technically use the PDF exploit to brick anybody's iPhone that visits a malicious website that has 4.3.3 or earlier installed? Fortunately nobody has used it for malicious purposes, but I have wondered about that.
post #13 of 53
In the meantime, Google's lawyer is on an anti-Apple/anti-MSFT/anti-Oracle rant..... sheesh: http://online.wsj.com/article/BT-CO-...03-722219.html
post #14 of 53
Quote:
Originally Posted by JVP View Post

Sarcasm - maybe you've heard of it?

You might want to look up Poe's law
post #15 of 53
Quote:
Originally Posted by JVP View Post

Sarcasm - maybe you've heard of it?

my bad. apologies...
post #16 of 53
Quote:
Originally Posted by JVP View Post

iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...

I picked up on it and thought if funny. Instead if the sarcasm tag you could try using punctuation that indicates sarcasm, like the upside-down exclamation point (¡).
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #17 of 53
Quote:
Originally Posted by Negafox View Post

Couldn't somebody technically use the PDF exploit to brick anybody's iPhone that visits a malicious website that has 4.3.3 or earlier installed? Fortunately nobody has used it for malicious purposes, but I have wondered about that.

They could. The JailbreakMe solution is very clever which makes it very complex. Whomever made it has some serious skills.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #18 of 53
You did notice the smiley face dude at the end of the sentence right? That generally means a person is kidding.

Quote:
Originally Posted by twistedarts View Post

idiot...
post #19 of 53
Your link suggests it is difficult to indicate sarcasm on the Internet without some indication of humor, such as a smiley face. You might want to look at the post again.


Quote:
Originally Posted by Orlando View Post

You might want to look up Poe's law
post #20 of 53
Im more concerned with evidence in this article that a large number of Android apps are infected by Lookout integration
post #21 of 53
Quote:
Originally Posted by JVP View Post

iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...

serious?

What ever, I've zero sympathy for droid heads.
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
post #22 of 53
Quote:
Originally Posted by digitalclips View Post

serious?

What ever, I've zero sympathy for droid heads.

So you completely ignored the ENTIRE rest of the thread where we establish multiple times the sarcasm of the post.

Much less having ignored the marijuana-smoking emoticon implying sarcasm.

While it's possible his meaning would have been clearer if he had used the proper punctuation for sarcasm, I seriously doubt it⸮​

I mean, there's no possible way that the proper punctuation would have ever been better⸮​

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #23 of 53
Quote:
Originally Posted by AppleInsider View Post

Security firm Lookout is sounding alarm of a growing trend

"while [Android] malware has increased at a faster rate then spyware, Android users are still slightly more likely to encounter spyware than malware." [/c]

sounding the alarm

Right use and wrong use in one sentence:
faster rate then spyware = incorrect
spyware than malware = correct
post #24 of 53
All warm and cozy in my walled garden.
post #25 of 53
Really the virus thing is a joke. Just like windows the average user does not have to worry about viruses. I have only gotten one virus, let me tell you that is with getting two emails from my university telling me I am using to much download bandwidth, one threat from time Warner. To put things into perspective I download alot. Only virus I ever got was on my old blackberry. Never had any issues with windows seven and kepresky (free with my motherboard) or my current Android phone and not with the tablet in my hand. Of course ifvyou adopted a market based system to deliver Apps you run the risk of having some ass-hat making a malicious software. Good thing is google is quick to react and remove the Apps when they are reported and removing them.
post #26 of 53
Quote:
Originally Posted by JVP View Post

iOS is only more secure since it has lower market share than Android. Once iOS market share increases closer to that of Android, it will see far more virii and malware since it is not more inherently secure on the os level...

Love it... what a classic response!
post #27 of 53
Quote:
Originally Posted by Apple v. Samsung View Post

Really the virus thing is a joke. Just like windows the average user does not have to worry about viruses. I have only gotten one virus, let me tell you that is with getting two emails from my university telling me I am using to much download bandwidth, one threat from time Warner. To put things into perspective I download alot. Only virus I ever got was on my old blackberry. Never had any issues with windows seven and kepresky (free with my motherboard) or my current Android phone and not with the tablet in my hand. Of course ifvyou adopted a market based system to deliver Apps you run the risk of having some ass-hat making a malicious software. Good thing is google is quick to react and remove the Apps when they are reported and removing them.

Yup it's a joke that everyone that uses a PC has to use antivirus. Good thing Google is still allowing the Android Marketplace to be rampantly uncontrolled but quick to react... Once people report apps.
post #28 of 53
Quote:
Originally Posted by TBell View Post

Your link suggests it is difficult to indicate sarcasm on the Internet without some indication of humor, such as a smiley face. You might want to look at the post again.

To be fair, I didn't add the smiley until later - did intentionally leave it out to see what kind of response it would get. His reference to Poe's law was a valid one.
post #29 of 53
Quote:
Originally Posted by Apple v. Samsung View Post

Good thing is google is quick to react and remove the Apps when they are reported and removing them.

Prevention (so that these apps never make it to the market) would be infinitely better.
post #30 of 53
Quote:
Originally Posted by nvidia2008 View Post

Yup it's a joke that everyone that uses a PC has to use antivirus. Good thing Google is still allowing the Android Marketplace to be rampantly uncontrolled but quick to react... Once people report apps.

Agree with the 2nd point, the first however depends on what type of AV software. Are we talking 3rd party like Norton, AVG, Malwarebytes? Because even then while the overwhelming amount of windows users DO use AV software, taken literally your statement would be false.

Quote:
Originally Posted by J.R. View Post

Prevention (so that these apps never make it to the market) would be infinitely better.

Agree 100%
post #31 of 53
Quote:
Originally Posted by Apple v. Samsung View Post

Really the virus thing is a joke.

I want to know how much of this malware is actually a Virus and how much are just Trojans.

Nothing is immune from Trojans, Viruses are a different story...
post #32 of 53
Quote:
Originally Posted by Apple v. Samsung View Post

Really the virus thing is a joke. Just like windows the average user does not have to worry about viruses. I have only gotten one virus, let me tell you that is with getting two emails from my university telling me I am using to much download bandwidth, one threat from time Warner. To put things into perspective I download alot. Only virus I ever got was on my old blackberry. Never had any issues with windows seven and kepresky (free with my motherboard) or my current Android phone and not with the tablet in my hand. Of course ifvyou adopted a market based system to deliver Apps you run the risk of having some ass-hat making a malicious software. Good thing is google is quick to react and remove the Apps when they are reported and removing them.

Only 1 virus that you know about.

Love that kepresky.

Love that university education!
post #33 of 53
I think that the problem with the Android Market is that it's way too easy to install something suspicious if you don't know what you are doing. That's why I downloaded a virus protection program on my Android. I haven't found anything yet, but I'd rather be one step ahead of the game, and if I do loose my phone I can find it. the IOS on the other hand restricts things all over the place and gets quality software in their market. IMHO I think the best solution would be to have a closed Android Market that is only closed in the sense "we make sure your app isn't malicious and works as intended and we'll let you lin". If they do that it might solve lots of issues.
post #34 of 53
I think good things are coming constantly from Apple, so there should be no need to publish such rubbish as this "article" in order to make people here feel good. Even if there was a grain of truth in the FUD above, those who should care about it are likely not on AppleInsider... Do you think Android users give a sh8t about this "epidemic"? Probably just as little as any iOS user about the recurrent browser exploits...
post #35 of 53
Quote:
Originally Posted by just_a_guy View Post

That's why I downloaded a virus protection program on my Android...

Welcome to 1991!
post #36 of 53
Quote:
Originally Posted by just_a_guy View Post

... That's why I downloaded a virus protection program on my Android...

Having to load anti-virus on a phone. How sad is that. Yet the phandroid community finds this acceptable.

Welcome to Android people. The mobile version of Windows XP!!! No wonder they will need quad-core and higher CPU's to handle all the bloatware that will have to be running just to keep the handset from being compromised!!

So sad...
post #37 of 53
So a company selling anti-malware software reckons that malware is on the rise?

I am shocked. /SARCASM
post #38 of 53
Unfortunately the author of this article has repeatedly shown that he can't be trusted as impartial in this kind of report.

Whatever te reality is, it will be far less extreme than presented here.
post #39 of 53
Quote:
Originally Posted by JVP View Post

To be fair, I didn't add the smiley until later - did intentionally leave it out to see what kind of response it would get. His reference to Poe's law was a valid one.

The real problem is that Poe forgot to include a winking smiley at the end of his statement of Poe's Law.
post #40 of 53
Any unbiased comparison of iOS, Android and malware would have to conclude that Android users have more to be concerned about than Apple users. No doubt about that at all. It doesn't mean iOS is immune, but Apple's closed loop certainly keeps any malware dangers to a minimum.

At the same time, is the danger of malware infection really that high if users stay to the official Android Market? Personally I don't think so. There's been billions of app downloads from Google's Android Market, yet just a comparatively tiny number of users affected by malware infecting any of those applications. At least so far. . .
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
  • Lookout, Retrevio warn of growing Android malware epidemic, note Apple's iOS is far safer
AppleInsider › Forums › Mobile › iPhone › Lookout, Retrevio warn of growing Android malware epidemic, note Apple's iOS is far safer