Google Play: The Wild, Wild West
The Wild Wild Google Play
The wild, wild west. That’s as accurate a description as we can give for Google's Play Store. But is it as untamed as we think it is, or is it a wild stallion that can be lulled into submission?
Consider this: Google Android is particularly popular with developers, thanks to the easy access through which apps can be uploaded without going through a lengthy application and approval process. Developers who are genuinely interested to propagate their apps are taking the Android path, mostly to ensure that their apps will not be blocked by unnecessary policies that would otherwise hinder their efforts.
The numbers have proven as much: device activations grew 250% year-on-year, with Google's very own Andy Rubin announcing on 21st December 2011 that 700,000 Android devices are activated every day. If anything, this is a clear indication that Google’s mobile operating system has become a popular and widely adopted platform over the last few years. Unsurprisingly, the OS became the most dominant mobile OS with a 50.9% market share in Q4 of 2011, roughly translating to over 75.9 million smartphones sold. And the numbers are higher yet at the point of authoring this article.
Unfortunately, its popularity has also created a particularly huge bulls-eye on the Android operating system. Google’s open door policy, though greatly welcomed by budding developers, has also created an easy route for hackers. As of 31 October 2012, the number of Android apps has already hit a big 700,000 milestone, which makes it closer to Apple's current selection of more than 700,000 apps and leaving Windows Phone 8's 125,000 apps selection in the dust. That plus the total number of app downloads from Google Play hitting 25 billion, it’s certainly easy to see why hackers are hiding their malware within the sea of Android apps.
Trend Micro reported that just in 2011, the Android ecosystem has seen over a thousand malicious apps being reported by mid-December. With Android malware increasing by 1410% in the first six months of 2011, Trend Micro has predicted that the total number of malicious apps might rise to 129,000 in this year. As alarming as it sounds, this might not be a prophecy waiting to be fulfilled.
An immediate area of concern is of course, in the corporate IT environment - the invasion of mobile devices like tablets and smartphones, consumer apps and social media has indeed increased security concerns. With an increase in organizations adopting the BYOD (Bring Your Own Device) scheme, security incidents are said to increase 25% or more for these participatory companies.
The Open Environment - A Double-Edged Sword
But what makes Android a susceptible target for malicious apps? Unlike the closed systems adopted by Apple’s iOS and Microsoft’s Windows Phone 7/8, Android users enjoy unfettered access to their smartphone. Take for example, the case of side-loading apps onto the Android device. Without the need to root your Android device, you can side-load and install apps that are not available in your region, such as Flipboard when it was still not available in the official store. All you need is the correct APK file, use a file manager and run the APK. Of course, you'll need to tweak with the settings that allows you to install apps from unknown sources onto your device.
Now here’s the danger - how do you know if that APK is free of malware? While many of us love to be an early adopter and try out the newest app in town, precautions need to be taken if the app is not downloaded from official sources such as the Google Play store. Apps from third party markets are one of the hotbeds for malware to hook onto seemingly legit apps.
One such malware, named RootSmart, does just that by being part of a seemingly legit app that’s available outside of Google Play. In doing so, the malware will call back to a remote server and download GingerBreak, granting users root access to Android 2.3 Gingerbread. Besides collecting information from the infected device, the real damage comes from having the device becoming part of a larger botnet, which lets the botnet owner command it to call or send messages to premium numbers that lines the malware developer’s pockets. Fortunately, this particular malware is specifically targeted at Android devices operating on Chinese wireless networks and is found nowhere within the official Android Market.
However, this doesn’t necessarily mean Android Market is a guaranteed safe haven as these examples will show. In December 2011, the Android Market was infiltrated by a malware by the name of RuFraud. Designated as a premium service abuser, this malware went under the guise of legitimate apps such as Angry Birds and tricks users into agreeing to SMS charges. While Google did react promptly to the threat by removing 27 apps that were found with the RuFraud malware, over 14,000 downloads were recorded.
Another incident included Trojan malware masquerading as popular game titles, Super Mario Bros. and GTA 3 - Moscow City, on Google Play. Since their appearances on Google Play on June 24 of this year, they have raked in 50,000 to 100,000 downloads by taking full advantage of its legitimate counterparts' popularity. To add on, spying apps advertised as legit 'monitoring' apps were also found available on Google Play despite rigorous scanning efforts on the tech giant's part.
Unfortunately there are countless examples, including a rare malware that targets primarily female Android users in Japan via email, but Trend Micro has broadly categorized malware under seven types:
But what is more worrying, is the wide range in which your Android smartphone can be attacked. Trend Micro has identified seven methods for malware developers to employ when they target your Android device:
- Adware - These are also known as advertising-supported software that automatically play or download advertisements to your mobile device after the app is installed or while it is being used.
- Spying tool - These specific malware will target your GPS data and report your location to the central server. We can think of some situations which will prove useful, though the use of it is questionable.
- Rooter - Arguably the most dangerous category, this particular malware will gain full control of the device. In doing so, the device is now part of a bigger botnet, which could be used to infect more devices.
- Data stealer - As its name implies, it collects data from your smartphone and sends it back to the server. This could potentially expose critical data such as your passwords, or have your address book given to other spambots to attack.
- Premium service abuser - A costly attack, that will force your Android device to call or send messages to premium numbers. Your phone bill will take a huge hit, and the money would have been collected by the malware developer even before you know it.
- Click fraudster - This forces your device to click on pay-per-click online ads. It is potentially dangerous should it force your device to click on malicious links.
- Malicious downloader - Think of this as the root of all your malicious apps' problem. Once infected, there’s no telling what other malicious apps will end up on your device, which could perform according to one of the seven categories as listed here.