The amount of mobile Android malware has surged this year, from a count of 30,000 malware specimens in June to almost 175,000 last month, according to Trend Micro's Security Roundup report for the third quarter of this year.
"When we predicted earlier there would be 125,000 by the end of the year, Google called us charlatans," says Raimund Genes, Trend Micro's chief technology officer, who says the security firm is counting Android malware variants as it does with Windows-based malware specimens. The Trend Micro report notes the fake versions of legitimate Android apps are the most prevalent type of Android malware, counted at 29,309. Others have names like Boxer, Kmin, Opfake, Trojsms, Ginmaster and Droidkungfu.
Ironically, since the Google Android operating system has undergone a kind of fracture due to so many variations of it being used by different manufacturers on Android mobile devices, this has probably actually slowed down hackers trying to attack the Android OS, Genes notes. And despite the surge in mobile malware, it's still far below the many millions of Microsoft Windows-based malware variants.
With directness, the Trend Micro report also takes aim at an area of growing concern, Android adware, devising a "Top 10 Most Aggressive Android Adware" list of adware that may send an excessive, undeclared amount of personal information captured off a device to ad networks.
A lot of this adware has come though the legitimate Google Play app store, and sometimes has been yanked when objections were voiced, but in Trend's view, this marketing adware has to be considered insidious if only because it's grabbing user personal data off Android devices outside of the adware's declared purpose by the developer, including licensing agreements.
This might be anything from geolocation data to unique ID of the phone and phone numbers you call and your contacts, among other things, Genes says. Often, "there's no way to opt in or opt out," he notes. "In Europe, it's illegal to grab that information."
Trend says it's analyzed adware for what it considers clear privacy violations, and some of these adware suppliers are not pleased to be named as "aggressive Android adware" and their lawyers are sending threatening letters to Trend Micro.
But Genes says Trend feels confident in its position and will continue to voice its concerns about ad networks that fail to alert users of adware's data-gathering behavior. The mobile adware issue evokes similar circumstances of years ago when what then came to be known as "spyware" targeting Windows desktops for marketing purposes became a battle in the security industry, too.
On Trend Micro's "Top 10 Most Aggressive Android Adware" list is:
Sign up for CIO Asia eNewsletters.