Good App/Bad App: Is Investigating Mobile Apps Necessary?

These days, when you see someone staring intently or tapping at their mobile phones, chances are that they’re busy with an app. This comes as no surprise as 80% of consumers’ time on mobile devices apps is spent in apps for gaming, news, productivity, utility, social networking, and more.

Apps and Risky Taps

We are currently seeing 10.7 million malicious apps in existence as of October 2014. Of the 10.7 million, 64% are considered safe, while 23% are considered high risk or adware. The app permissions given to these types of apps may be used to cause potentially unwanted routines. Of all the malicious apps we detected, 13% are outright malicious, or categorized as malware. These types of apps are known to originate from third-party app stores, or simply put, non-Google Play stores.

Figure 1. Cumulative malware detections based on unique samples as of October 2014

For the month of October, we counted more than 532,000 new Android threats. Almost a third, 29%, are malware, while a third, 30%, are adware. Less than half, 41%, of the apps checked were considered safe.


Figure 2. Malware detections seen in October 2014

 These threats fall in either one of the seven types of malicious apps we know, as follows:

Figure 3. Android Malware Types

We also continued to see desktop threats that can latch onto mobile devices as well, or vice versa. The USBATTACK malware for Android is one such threat. It poses as a device cleaner but actually does otherwise. This malware steals device information, downloads AUTORUN malware on the SD card, and then runs itself on a connected PC so it can use its microphone to record media.

What drives these threats?

For one, mobile app adoption continues to flourish. This results to an attractive market ripe for cybercriminal threats and scams. App stores also serve as catalysts for mobile usage, given that these house the apps that consumers are so fond of using.

Based on our observations, third-party app stores are quite popular to mobile users this month. The number of downloaded apps from third-party app stores (4.17 million) is more than the number downloaded from Google Play (2.58 million) or than those downloaded from all other app stores (4.13 million).

The expanding adoption of third-party app stores can be quite problematic for mobile users given that many cybercriminal app developers can easily distribute apps using these channels.

Is a careful examination of apps really needed?

In the technology industry, the process of vetting apps, or tracking which ones are secure and identifying those that are not, is a valid option to ensure the safety of app stores. The diagram below shows how the vendor Blackberry, for instance, makes use of the technology of vetting mobile apps:

Figure 4. How Trend Micro Mobile App Reputation Service works

Vetting helps with app validation before they are submitted to app stores to vet out the risky and/or malicious ones. Categories are also used, such as malware, private data leak, battery usage, etc., which consumers might find helpful in order to gauge which apps are not only safe but also optimal for use on their devices.

Now that the shopping season is looming closer, more cybercriminals are expected to come up with rogue, malicious apps that target mobile payments. What better time to attack consumers but during the height of their shopping for Black Friday or Cyber Monday? Vetting apps is a way for app store operators can ensure the safety of their users, and at the same time, users can ensure the safety of the apps they download.

Read more about the mobile landscape and threats found in October and the app categories that are used for vetting apps in our report, How Vetting Mobile Apps Works for App Stores and Its Users.


Post from: Trendlabs Security Intelligence Blog – by Trend Micro

Good App/Bad App: Is Investigating Mobile Apps Necessary?

Read more: Good App/Bad App: Is Investigating Mobile Apps Necessary?

Story added 20. November 2014, content source with full text you can find at link above.