Today I’m seeing a huge number of articles screaming “Android Malware Surges Nearly Five-Fold Since July” (PC Magazine) and “Android malware has jumped up 472%” (Apple Insider). Well, percentages and other stats are very nice, but it’s easy to manipulate numbers like that to get scary-looking figures. Always look at the hard data backing the stats to get the real story! As Benjamin Disraeli said: “There are three kinds of lies: lies, damned lies, and statistics.” As it is, the actual numbers tell a much less alarmist tale.
It took me quite a while to find any actual data on the number of malware apps estimated to actually be out there, given the search engine signal-to-noise ratio from all the bloggers jumping on the 472% bandwagon and quoting each other.
I tried the website for Lookout first, which is one of Android’s better security apps. Lots of interesting stuff, but couldn’t find any hard data in the blog or forums including a report on malware numbers from June 2011 counting 400 malware apps (thanks to redditor diff-t for the heads up!). There is no Lookout data for November 2011, though, and no way to tell if Juniper is using the same counts or not in deriving their 472%.
Eventually I found the original malware report from Juniper [PDF]. Juniper requires registration to access; I’ve hotlinked directly to the report to save you the spam (annoyingly, I had to switch to Chrome to get the registration form to work for me; in Firefox it errored out: p.onStatusChange is not a function). And… there were no hard numbers showing where this figure came from in the report! Nada. Just
“400% increase in Android malware since summer 2010”
This is a professional report?
However, the report did quote the numbers from summer 2010:
“In all, the research indicated that 29 applications were found to request exactly the same permissions as known spyware applications.”
And, genius that I am, I can do math: 4.72 * 29 = 137. So, we have a frightening, blogosphere-shaking increase of… 108 malware apps.
And I can play the statistics game, too. What percentage of apps on the market are malware, then? Well, as of Nov 2011 there are 370 000 Android Marketplace apps. Here comes the math genius-ness again: 137 / 370 000 = 0.00037, or 0.037%. Not quite so scary now, is it? Not much of a headline there: “0.037% of Android apps are malware, up from 0.0078%!” I call shenanigans on this.
So while Android is certainly picking up steam as a target, this is more a function of increasing marketshare than a fault of the open nature of the marketplace – something the report actually gives a nod to but doesn’t seem to be mentioned by most of the blogosphere. While the PC Mag article at least gives a nod to these facts, they still jump on the bandwagon with the “Five fold increase” part of their title. Ah, sweet sweet sensationalism, build me some links!
And while security on a phone is certainly an important concern, and people should definitely be aware that with increased marketshare Android is coming under increased attack, I don’t think it’s worth the furor currently raging. Personally I suspect that a significant chunk of the brouhaha is being fueled by FUD from competitors (*cough*Apple*cough*) spurred by the fact that Android has recently hit over 50% marketshare for smartphones. But hey, that would be unethical.