2013-10-10
Abstract
Google presents data to suggest Android devices are a lot less susceptible to malware than commonly believed.
Copyright © 2013 Virus Bulletin
Eric Schmidt, executive chairman of Google, has voiced high confidence in the security of the company’s Android mobile platform, declaring at the Gartner Symposium/ITxpo that ‘[Android is] more secure than the iPhone’.
Schmidt’s confidence is supported by data presented by Google’s Adrian Ludwig at last month’s VB conference in Berlin, in which Ludwig revealed that fewer than an estimated 0.001% of malicious app installations on Android are able to evade its multi-layered defences. He also stated that, according to the company’s data, users are more likely to install non malicious rooting and SMS fraud apps than traditional types of malware such as spyware, trojans, backdoors, and malicious exploits.
There was almost a full house at the presentation in Berlin, in which Ludwig also revealed that most of the detection signatures in existence for Android malware are in fact for apps that have never been installed by a user of the firm’s Verify Apps feature (which Google says runs on 95% of its devices) – and that many of the most frequently installed detection signatures are either false positives or do not qualify as potentially harmful apps.
In its 2013 Annual Security Report, Cisco noted a 2577% growth in Android malware over the course of 2012 – and new Android malware is seen making security headlines almost every day. But the Android security team is now calling for better data about actual risk and for the security industry to focus its attention on reducing false positives.
