Android Malware


By Michael Stanford  |  June 10, 2013

PCs are vulnerable to drive-by malware infections. These can work simply by your visiting an infected website: the malware downloads invisibly, without you needing to click on anything or agree to anything.

Android devices are not vulnerable to such passive attacks. To get infected you must explicitly agree to install the malware. The two main ways you are tricked into victimhood are fake installs of legitimate software, and fake updates to legitimate software or to Android itself. Android has a line of defense against fake installs, in that by default you can only download applications from the Google Play store, which supposedly no longer hosts any malware-infected apps.

So hackers inject their code into legitimate apps like Skype or Instagram, and upload them to third-party marketplaces. They then put links to download those apps on web pages and in SMS messages and spam.

At the beginning of 2012, BitDefender found that the commonest type of Android malware was adware. BitDefender found such adware in 26 percent of the Android apps it scanned, leading it to conclude that if you have an Android phone, at least one of your apps is probably infected.

By the end of 2012, McAfee found that the commonest (60 percent) infection was with malware that triggers your phone to send premium SMS messages (text messages that bear high charges). Since these charges are billed through your cellular service provider, one might think it should be easy to track down the malefactors.

In addition to adware and premium SMS, malicious Android apps can exhibit an array of bad behaviors, like transmitting your location, your phone's registration information, your contact list, your SMS traffic (including TAN bank codes), your keystrokes, your Wi-Fi traffic and so on. Your phone is more vulnerable to some of these attacks if it is already rooted.

So your best defense against Android malware is to not root your phone, and to download software only from the Google Play store or the website of the original developer of the app.

For defense in depth you might consider installing some kind of anti-malware on your phone, too. The German software testing organization put out a report in February rating 22 anti-virus applications for Android. The report opens with the remark: "Surveys have shown that every Android device uses at least 20 other apps. Despite this fact, not one of the top 20 most popular smartphone apps is an antivirus app, which is completely incomprehensible given that Android users can choose from a large selection of protection apps, some of which are even free."


Michael Stanford has been an entrepreneur and strategist in VoIP for more than a decade. (Visit his blog at

Edited by Stefania Viscusi