It is no secret that mobile platforms are ripe targets for malware. The explosion of smartphones and tablets, combined with the lack of security awareness or tools for mobile platforms makes them particularly attractive targets. Apparently, Android has caught the attention of mobile malware developers because the number of threats is on the rise.
One of the primary benefits of Android over its main rival, Apple's iOS, is its openness. While Apple exerts control over almost every aspect of the iPhone and iPad experience, and has stringent rules when it comes to the apps that are approved to work with iOS mobile devices, Android is open source and gives developers and users significantly more freedom to customise the platform to meet their needs.
That openness comes at a price, though. A Symantec spokesperson emailed me to point out that Symantec has recently noted a spike in malware targeting Android. A recent example is an Android Trojan dubbed Android.PJapps which is spread through compromised versions of legitimate apps that are hosted on unregulated alternatives to the official Android Market.
The Symantec representative described the Android Trojan. "Android.Pjapps masquerades as a popular "Steamy Window" app. The legitimate features of the original app are still present in the malicious version, but it also features additional functionality that allows an attacker to build a botnet."
"Among other things it is able to install applications, navigate to websites, add bookmarks to the user's browser, send text messages and block text message responses. It also sends sensitive user information back to the attacker."
Mobile malware is by no means unique to Android, but the open nature of the platform makes it an easier target. To avoid becoming a victim of Android malware, Symantec recommends:
Only use regulated Android marketplaces for downloading and installing Android apps.
- Adjust Android OS application settings to stop the installation of non-market apps.
- Review other users' comments on the marketplace to assist in determining if an app is safe.
- During the installation of Android apps, always check the access permissions being requested for installation. If they seem excessive for what the application is designed to do, it would be wise to not install the application.
- Utilise a mobile security solution on devices to ensure any downloaded apps are not malicious.
- Enterprises should consider implementing a mobile management solution to ensure all devices that connect to their networks are policy compliant and free of malware.