http://www.readwriteweb.com/archives/android_malware_up_472_since_july_juniper_says_inf.php http://news.cnet.com/8301-1009_3-57325774-83/android-leads-the-way-in-mobile-malware/ Android Malware Up 472% Since July Looking back at 2011, we could call it subtitle it as The Year Of Android Malware. It started with DroidDream and reports have been issued all year that have shown exponential growth in Android malware. It is not getting any better. If Juniper's research can be believed, it is getting much worse. Juniper says there has been a 472% rise in Android malware samples since July 2011. Juniper says that almost all of the Android malware contains code for root access that will force the device to communicate with a command-and-control server and download additional instructions. 55% of Android malware acts as spyware and the rise of "SMS Trojans" has become a significant problem. Recent Jump In Android Malware Juniper notes that Android's open market structure, where almost any developer can pay $25 for developer access that can be anonymized, is the primary culprit for the rise of Android malware. Juniper notes that iOS may or may not be any safer but that Apple makes it safer by requiring code signatures and pre-screening all apps. Smart Android publishers put code signatures into their apps because they know that the security applications have the capability of white and black listing certain signatures and that helps them keep their app out of the malware repository that security apps scan for. October and November have seen the highest growth rates for Android malware samples since the rise of the platform, according to Juniper. The number of samples grew 28% in September, October had a 110% increase over September and a 171% increase from July 2011. Spyware with root access is the main threat from malicious Android applications. Juniper notes that the vulnerability to root access from malicious apps is prevalent in 90% of Android devices in the consumer market. Outside of spyware, the SMS Trojan makes up 44% of Android malware. Juniper published another post today showing that much of the SMS Trojan activity is coming out of Russia. SMS Trojans work by getting users to click on text messages or links in emails that will prompt them to pay for an app through premium text messages. These are often from pirated of cracked apps. The problem is that users end up paying for free apps, like Opera Mini for Android, or developers do not get paid for their premium apps. ------------------------------------------------------------ This is the price you pay for horizontal business models - that is, business models based on universally licensing operating systems to OEMs. In this case, virtually any OEM that can slam together a phone, especially since the OS is free. Yes, you have "choice", an open platform, and vast market share to support it. But it comes at a price. User Experience being the obvious one that comes to mind. Horizontal business models simply don't play well in that area - they can't by default, because the OS provider loses control of their product at a key stage, and it's shuffled off to OEMs to do with as they wish. It sure works for padding market share numbers and playing in lower-income/developing markets, but there's a lot of corner-cutting going on, and the competitor that does a vertical business model right will end up (and is) dominating in consumer satisfaction. All you need to look at is motivation. Google is in the smartphone market to peddle ads via a smartphone as a vehicle or shell. While Apple, for example, is focused (almost obsessively) on providing the best User Experience possible. The very way the two companies think about the segment is like night and day. Their whole starting points are poles apart. Malware is the other price the user pays. Note that most of the free antivirus apps for Android are virtually useless: http://www.neowin.net/news/free-android-anti-virus-products-virtually-useless HTC, Motorola, Samsung . . . they're all a part of the experience once the device gets into the user's hands. There's no getting around that. The User Experience process doesn't end when the OS or code is released. It's an entire process, from cradle to grave. Google simply has a fundamental disrespect for what they produce. A great OS that is universally licensed . . . is a contradiction in terms. If you're the type that's sick of PC malware, then you'll see it duplicated within a different form factor when it comes to horizontal business models in other market segments that feature online access, no matter who is doing it, be it Google or anyone else.