It’s commonly accepted that Apple’s tightly controlled iOS app ecosystem is a more difficult environment for scammers to push malware into than Google’s relatively open Android marketplace. But a new report from security provider Fortinet shows that Android’s dominance as the market leader in smartphones is making them a even juicer target for bad actors.
“Unfortunately, we believe Android’s higher market share comes with a price; an almost six fold increase in malware targeting the operating system,” Axelle Apvrille, senior mobile anti-virus researcher at Fortinet, wrote in an email release today. “To date, our Labs have seen a 90% increase in Android malware families in 2011 compared to 2010, while malicious iOS families only increased by 25%.”
While everyone was freaking out about Carrier IQ (and rightly so), a whole host of malicious bots have been appearing on Android which log keystrokes, surf the web and send text messages. And increasingly this malware has the ability to gain root access to users phones.
- Geinimi: Android’s first botnet, which sends a victim’s geographic location and controls his/her phone remotely. For example, Geinimi can force the infected phone call a given phone number.
- Hongtoutou: A Trojan live wallpaper that steals private information such as the victim’s subscriber number (IMSI) and automatically visits Websites that the malware directs it to.
- DroidKungFu: Another botnet that has multiple capabilities such as remotely installing other malware, remotely starting specific applications and adding bookmarks.
- JiFake: A fake instant messenger application that sends SMS messages to premium phone numbers
- BaseBridge: A Trojan that sends SMS messages to premium numbers
It might be worthwhile for Google to create a white listed section of its App Store with more stringent requirements for developers who are willing to clear a higher security bar in return for a verified stamp of approval. Until then, as Google’s director of public policy Alan Davidson told Senators this summer: “We’ve chosen not to be the gatekeeper. We don’t generally go back and try to make sure that every app does what it says it’s going to do. [Google is] really trying to maximize the ability of small app developers to get online.”