Posted by Andrew Harrison 30 January 2014
Citizen Myth: Android users 'ignorant' over platform's 'broken' security model
Numbers can speak for themselves. Except when they are mangled, squeezed and manipulated to the publisher’s will, as is common in the worlds of politics and PC technology.
But let’s talk about IT, where huge businesses have been built by one particular group of doom harbingers and stat shifters: the virus industry. Or as they would style themselves, the ‘anti-’ virus industry, even if much of the cure can be as bad as the disease.
So when a large corporation looks at the state of the threat landscape and finds that 99 percent of all mobile-targeted malware is focused on one mobile computing platform, I am more likely to believe its stats (even though it’s worth noting that, since buying SourceFire last summer, Cisco now has a stronger interest here).
The Cisco 2014 Annual Security Report highlights several home truths, such as the risk from having Java installed on your PC. With 91 percent of all computer infections in 2013 based on Java exploits, it’s not surprising that CERT advisers recommend disabling all versions of Java in your browser. I’d go further and suggest never installing it in the first place, or totally removing it.
According to Cisco, that ‘dangerous’ mobile platform is Android, the software of choice for hackers, impoverished would-be smartphone owners, and the bulk of the population that is pounded by upgrade offers from its mobile provider and then finds itself landed with a Google phone in the near-absence of feature-phone alternatives.
This seems to be the case in the UK at least, a saturated market in which mobile networks rely on upselling renewal contracts with a shiny new smartphone as the carrot. Mind, that’s not accounting for phone users further down the tech-intelligence quotient, the unwary fobbed off with unloved Nokia Lumia handsets, unaware of that platform’s burning future.
Going back to those Cisco numbers, the most endemic malware threat for Android last year, at 43.8 percent of all recorded infections, was a Trojan called Andr/Qdplugin-A. It’s typically wrapped in games and other apps, and spies on your use of the phone and then sends personal info to remote servers, where it’s marketed on for profit.
Two ancillary points spring from this: one is the popularity of this Trojan in Chinese-speaking territories, where Android malware seems most rife; two is that the reason most people ignore these threats is the same reason they’re using these mobile phones with their broken security model in the first place – ignorance.
Most Android users are as blissfully unaware of malware threats on their chosen phone as they are of the privacy violations that occur with their tacit blessing after they tapped Agree to all the conditions imposed in Google’s EULA.
It really shouldn’t be surprising that most citizen smartphone users don’t appreciate the threat from third-party spyware on their phone and the lifting of personal information, since they blithely ignore the same threat baked into Android by its very maker.
If you’d rather not have to deal with one of these two dangers to your Android phone, check out our group test of the six most effective malware spotters for Google Android.