Homepage / Technology / Android / Android 472% Malware Increase Scare Is Sensationalist
Google Helpouts – A Help Provider’s Review How Much Water Should I Drink Every Day? Installing Google Wallet on Android Outside the United States Q: Is Spirituality the Opposite of Science? A: Definitely not How to Remove io9’s Space Wasting Sidebar I’d be Leery of Google Keep, Google’s Evernote Competitor FUD and Sensationalism from F-Secure on Android Malware Numbers The Definition of Irony in Web Design Weight Loss Status Update, Day 120 Weight Loss Status Update, Day 60 Weight Loss Status Update, Day 30 Weight Loss & Unconventional Eating Habits Weight Loss Problems Despite Following All the Conventional Wisdom How Strategic Voting Subverts Democracy Response to Vic Toews’ Email re Bill C-30 Privacy Concerns One Million Moms protests sexuality of JC Penny’s new spokesperson Ellen DeGeneres Review: Samsung Sidekick 4G From T-Mobile GoDaddy’s Stance On SOPA Shows Off Their Ignorance In More Ways Than One! Android 472% Malware Increase Scare Is Sensationalist Fix VSFTPD Slow Directory Listings & Timeouts Tablet Computing: Apple Only? Using Linux to Root the Sidekick 4G (Samsung Galaxy Series SGH -T839) Linux Tip: Permanently Disable NumPad Mouse Keys Google Music releases Linux Music Manager! Migrating Openfire Instant Messaging Service PBX In A Flash: Custom Dialplans & FreePBX Android App Review: Remote Desktop For Your Phone! PBX In A Flash: Send Email Using Gmail / Google Apps Android Security Apps Review: Lookout, SeekDroid, Cerberus, Prey & Theft Aware How To Get Amazon’s Free Android Apps From Outside The US Google Music Beta Impressions (vs Subsonic) Swype & SwiftKeyX Android Virtual Keyboards Review Why You Can’t Just Tell Your Computer What You Want It To Do Cellphone Use Is NOT Giving You Cancer Facebook Messages Offering “Unprecedented”? Um, No… Etsy: Great Community Care & Responsiveness! Etsy: Now Worse Than Facebook For Respecting User Privacy? Android: Major Malware Killed Fast & Clean Facebook’s Privacy Breaches And Plans On Exposing More Personal Info Facebook’s New “Like”: Instead Of You, Websites Get To Post Why You Like Them Is Mexico Safe To Visit? Definitely! Cost Of Living In Bucerias CRTC Backpedals On Allowing False News Broadcasting! Facebook: Now With Even Less Social Networking! Pro CRTC Amendment 2010-931 Arguments & Responses How To Install Carrier-Blocked Android Apps Without Rooting Your Phone Take Action On The CRTC’s Amendments To Allow News Broadcasters To Report Opinions Or Lies As Facts Ninjerktsu’s “Carl Sagan and his Fully Armed Spaceship of the Imagination” As A Single Image Puerto Vallarta & Area: Tips For Snowbirds Bucerias: A Snowbird’s Impressions Facebook: Why The Sudden Monetization Push? Facebook Outrage Du Jour: Your Posts Can Be Sold For Ads Handy Android App: FilesAnywhere, A Fax For Your Phone Facebook Apps Can Now Access Your Address & Mobile Number Diaspora – My Impressions Two Months In First Beach Day of 2011, in Bucerias! Handy Android App: Google Voice Callback Free Swype Touchscreen Keyboard For Android Signal Strength Drop – iPhone 4 vs Droid Facebook Privacy & Security Tips Making Google Voice Work After Moving To Canada Implanted Contact Lenses – Best $5000 I *EVER* Spent! Quantum Darwinism! Pantheism, Monotheism, Atheism, And Communication

Android, Mobile Phone, Technology, Telecommunications

Android 472% Malware Increase Scare Is Sensationalist

Today I’m seeing a huge number of articles screaming “Android Malware Surges Nearly Five-Fold Since July” (PC Magazine) and “Android malware has jumped up 472%” (Apple Insider).  Well, percentages and other stats are very nice, but it’s easy to manipulate numbers like that to get scary looking figures.  Always look at the hard data backing the stats to get the real story!  As Benjamin Disraeli said: “There are three kinds of lies: lies, damned lies, and statistics.”  As it is, the actual numbers tell a much less alarmist tale.

It took me quite a while to find any actual data on the number of malware apps estimated to actually be out there, given the search engine signal to noise ratio from all the bloggers jumping on the 472% bandwagon and quoting each other.

Positive feedback in the blogosphere.

I tried the website for Lookout first, which is one of Android better security apps.  Lots of interesting stuff, but couldn’t find any hard data in the blog or forums including a report on malware numbers from June 2011 counting 400 malware apps (thanks to redditor diff-t for the heads up!).  There is no Lookout data for November 2011, though, and no way to tell if Juniper is using the same counts or not in deriving their 472%.

Eventually I found the original malware report from Juniper [PDF].  Juniper requires registration to access; I’ve hotlinked directly to the report to save you the spam (annoyingly, I had to switch to Chrome to get the registration form to work for me; in Firefox it errored out: p.onStatusChange is not a function).  And… there were no hard numbers showing where this figure came from in the report!  Nada.  Just

“400% increase in Android malware since summer 2010”

This is a professional report?

However, the report did quote the numbers from summer 2010:

“In all, the research indicated that 29 applications were found to request exactly the same permissions as known spyware applications.”

And, genuis that I am, I can do math: 4.72 * 29 = 137.  So, we have a frightening, blogosphere-shaking increase of… 108 malware apps.

And I can play the statistics game, too.  What percentage of apps on the market are malware, then?  Well, as of Nov 2011 there are 370 000 Android Marketplace apps.  Here comes the math genius-ness again:  137 / 370 000 = 0.00037, or 0.037%.  Not quite so scary now, is it?  Not much of a headline there: “0.037% of Android apps are malware, up from 0.0078%!”  I call shenanigans on this.

So while Android is certainly picking up steam as a target, this is more a function of increasing marketshare than a fault of the open nature of the marketplace – something the report actually gives a nod to but doesn’t seem to be mentioned by most of the blogosphere.  While the PC Mag article at least gives a nod to these facts, they still jump on the bandwagon with the “Five fold increase” part of their title.  Ah, sweet sweet sensationalism, build me some links!

And while security on a phone is certainly an important concern, and people should definitely be aware that with increased marketshare Android is coming under increased attack, I don’t think it’s worth the furor currently raging. Personally I suspect that a significant chunk of the brouhaha is being fueled by FUD from competitors (*cough*Apple*cough*) spurred by the fact that Android has recently hit over 50% marketshare for smartphones.  But hey, that would be unethical.

Original infographic:

Juniper Networks Global Threat Center Mobile Malware Report

7 Comments

  1. Tyler Style 2011-11-17 05:38

    I’ve read in other articles that the increase in malware can’t be linked to the increase in marketshare as they are “too disproportionate”. I’m not sure that’s a valid complaint, as I don’t think there’s enough data to show when a platform crosses the line between not big enough and large enough to become a focus. The marketshare vs malware focus curve needn’t be a linear function.

    A good and valid complaint I read was that security holes go unpatched due to fragmentation. This is an excellent point, but this isn’t a fault of the Android system or of the open philosophy of the App Marketplace. The problem is with manufacturers & carriers who customize Android for their handsets, then can’t be bothered to customize the updates and roll them out; after all, they’ve already sold you the phone, so why should they care? They prefer to spend their time and energy customizing for their next customer buying their next phone.

  2. Harry 2011-11-17 06:42

    In July 2011, there were 225,000 apps compared to 370,000 now so if 29 of those were malware that’s 0.013% – an even smaller jump!

  3. Tyler Style 2011-11-17 08:44

    A commenter on Reddit linked to an interesting report on malware in general from McAfee [PDF].

    Unfortunately McAfee’s report doesn’t break down the number of threats by platform, but did report finding 1,200 samples of mobile threats in total for Android, Java ME, Symbian, BlackBerry, MSIL, Python, VBS. Apparently prior to this month, Java ME used to be the primary malware target.

    It’s an interesting read – I learned that Adobe has more security exploits than Microsoft these days! Good thing Adobe’s decided to ditch Flash in favour of HTML5 for mobile devices.

  4. Roger 2011-11-17 14:14

    I doubt Apple is behind the reports and far more strongly suspect the manufacturers of apps/services that “protect” you. It is in their interest to have you scared by unknowns.

    • Tyler Style 2011-11-17 14:17

      Probably not directly behind it, no, but it wouldn’t be the first time that an ‘independant’ reporting company had corporate sponsors. Microsoft used to be really bad for that.

  5. TheRamblingRep 2011-12-06 02:22

    I love the article, but don’t you find it a little ironic that you’re using Wikipedia as your source for the number of Android apps in the marketplace, considering the XKCD article you led with?

Post a Comment

Your email address will not be published. Required fields are marked *

*