Report: Every 10 seconds new malware appears on Android

It is highly probable that in 2018 the Android system will further increase the effectiveness of its protections. Google has already carried out preliminary actions to provide users with important updates faster so that they do not waste time patching up security holes. The specter of a catastrophe in the mobile world is becoming more and more real. Around 74% of smartphone users worldwide use the Android operating system (source: Statcounter). Malicious software appears every 10 seconds - security experts G DATA investigates malware by analyzing malware data.

New malware every 10 seconds

złośliwe oprogramowanie statystyki g data

Only in the first quarter, analysts discovered 846 916 new malware samples targeting the Android system. It was calculated that an average of 9,411 new malicious programs appeared daily. This means that a new program of this type appeared every 10 seconds.

The number of new examples of malware targeting Android for the entire year 2018 estimated by G DATA analysts is 3.4 million.

złośliwe oprogramowanie statystyki 2 g data

Recent data indicates that the risk for smartphone users is increasing. Cybercriminals know too well that these ubiquitous devices are used for all kinds of tasks, from shopping online to using electronic banking. Android developers are doing their best to deliver important updates for smartphones and tablets faster and more efficiently. Thanks to the active closing of vulnerabilities, the threat of attack by cybercriminals is smaller.

Certificate not for everyone

Google has ceased to issue certificates for devices with the Android 7 operating system ("Nougat"). This decision is not surprising, because through the implementation of, inter alia, the "Treble" project, the company has begun activities aimed at convincing manufacturers to provide updates and the latest versions of Android for smartphones in a timely manner.

For producers, having a certificate is a key issue. This is the only way to access Google Mobile Services, where you can find all Google services and applications (including Playstore). The requirements that must be met in order to obtain the certificate are presented in a document entitled "Compatibility Definition Document" defining compliance rules for the purpose of certification. At the moment, it is mandatory to deliver smartphones and tablets with the Android 8 operating system. In this way, the "Treble" project is implemented for all new devices. However, have the producers already discovered some gaps? This situation is suggested by the latest report created by Security Research Labs security specialists.

Do manufacturers cheat on the Android update?

Security specialists criticize smartphone manufacturers and claim that they do not keep up with the updates they provide to users and the Android system being installed on their devices. More than 1,000 smartphones, including devices from well-known manufacturers, have to face the threat and this is particularly about basic and middle-class devices. Users receive information that their device has been equipped with all available updates, including security updates, when in reality it is in vain to look for them.

Manufacturers go even a step further and change the date of the last update, without actually offering anything new. Users are unable to notice this and assume that their devices are fully updated.

However, manufacturers are not always guided by bad intentions in this context. For some of them, technical problems may be the cause of incorrect delivery of updates. Integrated processors are also a key issue: smartphones with Samsung chips are for example much less exposed to dangers than devices with processors from Mediatek. This is due to the fact that smartphone manufacturers in the issue of patching gaps, rely on processors. In the event that the update is not provided by the chip manufacturer, device providers are unable to publish it.

Processes related to the protection of consumers in connection with the mess in the updates

The mess in the update field confuses both consumers seeking the best purchase option and experts. In the case of cheap smartphones, buyers are often ready to accept, for example, a lower quality camera. This information can easily be found in the product description. However, it is impossible to check when and for how long the updates for each device will appear. Most of the time you can only refer to the pre-installed version of the operating system.

The Consumer Advice Center in North Rhine-Westphalia is committed to making changes in this area. Last year, this institution sold the electronic equipment retailer, which offered smartphones at a price of 99 euros. At the time of sale, there were security holes in the device that could be remedied. It had an obsolete Android 4.4 operating system installed ("KitKat"), which first appeared on the market in 2013. Even after comments from the Federal Office for Information Security (BSI) in 2016, the manufacturer did not take any steps and there were no updates for these smartphones.

The consumer advice center could also have prosecuted Google for being an Android developer or mobile device manufacturer. As a last resort, however, it decided to sue the seller as a party directly involved in concluding transactions with consumers obliged to inform customers about gaps existing in new devices.

Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.