Looking only at the data provided by security firms, the world appears on the verge of a mobile malware apocalypse.
The number of samples--which represent unique, but mostly automatically generated variants of malicious programs--exceeded 5 million in the third quarter of 2014, according to security firm McAfee. Using a different counting method, security firm Symantec classified a similar magnitude--1 million of the 6.3 million mobile apps it discovered--as malware in 2014.
Yet, these data points tell only the darker side of the story. An increasing volume of data supports the idea that Apple's and Google's gated communities for mobile software have paid security dividends and kept most monstrous malware at bay.
Apple, Google app stores are most vigilant
Less than 0.5 percent of the 1 billion devices scanned by Google security software had a potentially harmful application (PHA) installed, according to Google's 2014 Android Security Report, published in April. Potentially harmful applications include spyware, ransomware and fraudulent apps, which Google scans for using a security capability, known as Verify Apps, that runs in the background on modern Android systems. In addition, the company checks mobile apps submitted to the Google Play store, which offered about 1.5 million pieces of software at last count, and removes applications, if they are found to be violating the company's policies.
The measures mean that, among users that stick to Google's Play store, less than one device for every 10,000 has a program considered malicious. "I don't think malware represents a risk," says Adrian Ludwig, lead security engineer for Android at Google. "I think the damage of mental anguish worrying about mobile malware likely exceeds the potential harm from actually being infected by it."
Not that cybercriminals and malware developers aren't trying. Smartphones and tablets tend to have as much, if not more, private data on their users than computers, so attempting to get malware on the devices is logical. No wonder, then, that online miscreants have focused more heavily on infecting mobile devices, using automated techniques to create tens of thousands of malware variants to get around the detection systems--again, automated--used by Google, Apple and security firms.
Yet, for most parts of the world, malware on mobile devices is a non-issue. In a recent report, network security firm Damballa analyzed cellular data and found signs of potentially malicious activity on only 0.3 percent of devices. Business services firm Verizon looked at traffic on its own cellular network and found "virtually no" iOS malware and very little Android malware, according to Bob Rudis, a security data scientist with the company.
Sign up for CIO Asia eNewsletters.