Android Threats Surge With Infected Third-Party ‘Angry Birds’ Apps: Tech
November 23, 2011
Android Security Threats Surge With Infected ‘Angry Birds’
David Paul Morris/Bloomberg
Members of the media and attendees look over a prototype of an Android tablet computer using Medfield Intel chips during the Intel Developer Forum (IDF2011) at Moscone Center West in San Francisco.
Members of the media and attendees look over a prototype of an Android tablet computer using Medfield Intel chips during the Intel Developer Forum (IDF2011) at Moscone Center West in San Francisco. Photographer: David Paul Morris/Bloomberg
In the era of the personal computer,
Apple Inc. (AAPL)’s machines were often less vulnerable to security
threats than the alternatives. That may also be the case with
the rise of smartphones.
Google Inc. (GOOG)’s Android operating system for mobile devices
has had an almost sixfold increase in threats such as spyware
and viruses since July, according to Juniper Networks Inc. (JNPR) That
may increase the perception that Apple devices are safer than
smartphones and tablets that run on Android, said Juniper.
“You’re not going to see nearly the number of infections
on Apple as you see on Android,” said Dan Hoffman, who leads a
team tracking mobile threats for Sunnyvale, California-based
Juniper, the second-largest maker of networking equipment.
Most of the growth in Android threats comes from
applications, or apps, available from sites not associated with
Google’s Android Market, according to data Juniper collected as
of Nov. 10. Apple doesn’t face the same issue because iPhone and
iPad owners can only get applications from Apple’s App Store,
which is controlled by the company.
“The open nature of the Android system makes it more
susceptible to attack,” Hoffman said in an interview. “If it’s
on a third-party site, Google can’t remove it.”
Making malware is easier with Android software because the
applications aren’t checked, the source code is open and the
apps can be sold on external sites, Hoffman said. Android is
free and available for download by anyone, while Apple screens
each application added to its store. With Android growing faster
than Apple’s system, it appeals to hackers seeking greater
reach, he said. Of the thousands of infected Android apps, 55
percent contain spyware, which can gather data from phone use.
Increasing Market Share
Google, based in Mountain View, California, and Apple,
based in Cupertino, are vying for control of a smartphone market
as computing evolves from desktop machines to mobile devices.
While Apple has championed a closed system in which it makes its
own hardware and doesn’t share its operating system, Google has
opted for an open approach, allowing companies such as Samsung
Electronics Co. and Motorola Mobility Holdings Inc. to use
Android in phones and tablets for free.
The wide availability of apps has helped the Silicon Valley
rivals outpace traditional handset makers such as Nokia Oyj (NOK1V) and
Research In Motion Ltd. (RIMM) The mobile handset market gained 5.6
percent in the third quarter to 440.5 million phones globally,
Gartner Inc. said. The Android system accounted for more than
half of smartphone sales, more than doubling its share from a
year earlier, while Apple’s share slipped to 15 percent from
16.6 percent.
Virus in Disguise
Hoffman said the 472 percent jump in application viruses
since July stems from Android users’ ability to buy apps online
at third-party sites like mmoovv.com and samsunggalaxy-s.ru that
can contain malicious applications alongside legitimate ones.
Android users may be drawn to the sites to find cheaper
versions of programs, or because the Android Market isn’t
available in some places, such as China. On a third-party site,
it’s possible to find an infected “Angry Birds” game uploaded
right next to a legitimate one, said Danielle Hamel, a Juniper
spokeswoman.
Spyware threats are increasingly coming from pirated
versions of popular apps, Hoffman said. While the apps are
designed to look and work like something legitimate already on
the market, they contain viruses that can grab users’ private
data or communicate with other parts of the phone.
‘Appropriate Action’
Randall Sarafa, a Google spokesman, said the company had no
comment. Trudy Muller, an Apple spokeswoman, didn’t respond to a
phone call.
“We take appropriate action when we encounter counterfeit
products, both digital and physical,” said Sini Matikainen, a
spokeswoman for Rovio Entertainment Oy, the Helsinki-based maker
of “Angry Birds.”
Citing competition from other security vendors, Juniper
declined to disclose the exact number of data samples used to
determine the increase in Android threats. In order for Juniper
to count an application as infected, it must have an instance of
“hostile” or “intrusive” code.
Juniper doesn’t have numbers for malware on Apple’s
operating system because cases are rare, Hoffman said. Security
researcher and hacker Charlie Miller said this month on Twitter
that he was kicked out of Apple’s development community for one
year after loading an app that exposed vulnerability.
Evolving App Market
The relative youth of the mobile-application market allows
programmers to exploit weaknesses in an open-source model and
once developers for Android discover all potential threats, it
might become more secure than a closed operating system over
time, said Edward Amoroso, chief security officer for ATT Inc. (T),
the second-largest U.S. wireless carrier.
“An open model tends to allow a flurry of vulnerabilities,
very quickly, that tend to stop being a problem as more people
find them,” Amoroso said in an interview. “A closed system
will have longer, more sustained, but more predictable and
controllable set of vulnerabilities.”
He said open-source operating systems for personal
computers were more vulnerable than Microsoft Windows for years,
until eventually the programming community was able to make them
safer.
Security Apps
The smartphone security threats may provide a business
opportunity for companies selling protection. IDC, an
information technology research firm, expects the mobile
security software market to expand 15.1 percent annually.
Consumers concerned with threats can load software onto
their phones for protection. Hundreds of security applications
are available at the Android Market, including Lookout Security
Antivirus which says it has more than 12 million users.
International Business Machines Corp. (IBM) and Symantec Corp.
are among those investing in solutions for the corporate market.
IBM last week started selling a service that ensures personal
devices comply with corporate security policies and detects
malware.
“Applications can do anything,” Latha Maripuri, a
director of security services at IBM, said in an interview.
“They can access your bank account through the data that you
may have stored on your e-mail. They can access whatever company
data you’ve uploaded. We’ve really seen a rise in threats and we
expect this to grow.”
To contact the reporters on this story:
Sarah Frier in New York at
sfrier1@bloomberg.net
To contact the editor responsible for this story:
Peter Elstrom at
pelstrom@bloomberg.net
<!—->