Homepage / Technology / Android / FUD and Sensationalism from F-Secure on Android Malware Numbers
Google Helpouts – A Help Provider’s Review How Much Water Should I Drink Every Day? Installing Google Wallet on Android Outside the United States Q: Is Spirituality the Opposite of Science? A: Definitely not How to Remove io9’s Space Wasting Sidebar I’d be Leery of Google Keep, Google’s Evernote Competitor FUD and Sensationalism from F-Secure on Android Malware Numbers The Definition of Irony in Web Design Weight Loss Status Update, Day 120 Weight Loss Status Update, Day 60 Weight Loss Status Update, Day 30 Weight Loss & Unconventional Eating Habits Weight Loss Problems Despite Following All the Conventional Wisdom How Strategic Voting Subverts Democracy Response to Vic Toews’ Email re Bill C-30 Privacy Concerns One Million Moms protests sexuality of JC Penny’s new spokesperson Ellen DeGeneres Review: Samsung Sidekick 4G From T-Mobile GoDaddy’s Stance On SOPA Shows Off Their Ignorance In More Ways Than One! Android 472% Malware Increase Scare Is Sensationalist Fix VSFTPD Slow Directory Listings & Timeouts Tablet Computing: Apple Only? Using Linux to Root the Sidekick 4G (Samsung Galaxy Series SGH -T839) Linux Tip: Permanently Disable NumPad Mouse Keys Google Music releases Linux Music Manager! Migrating Openfire Instant Messaging Service PBX In A Flash: Custom Dialplans & FreePBX Android App Review: Remote Desktop For Your Phone! PBX In A Flash: Send Email Using Gmail / Google Apps Android Security Apps Review: Lookout, SeekDroid, Cerberus, Prey & Theft Aware How To Get Amazon’s Free Android Apps From Outside The US Google Music Beta Impressions (vs Subsonic) Swype & SwiftKeyX Android Virtual Keyboards Review Why You Can’t Just Tell Your Computer What You Want It To Do Cellphone Use Is NOT Giving You Cancer Facebook Messages Offering “Unprecedented”? Um, No… Etsy: Great Community Care & Responsiveness! Etsy: Now Worse Than Facebook For Respecting User Privacy? Android: Major Malware Killed Fast & Clean Facebook’s Privacy Breaches And Plans On Exposing More Personal Info Facebook’s New “Like”: Instead Of You, Websites Get To Post Why You Like Them Is Mexico Safe To Visit? Definitely! Cost Of Living In Bucerias CRTC Backpedals On Allowing False News Broadcasting! Facebook: Now With Even Less Social Networking! Pro CRTC Amendment 2010-931 Arguments & Responses How To Install Carrier-Blocked Android Apps Without Rooting Your Phone Take Action On The CRTC’s Amendments To Allow News Broadcasters To Report Opinions Or Lies As Facts Ninjerktsu’s “Carl Sagan and his Fully Armed Spaceship of the Imagination” As A Single Image Puerto Vallarta & Area: Tips For Snowbirds Bucerias: A Snowbird’s Impressions Facebook: Why The Sudden Monetization Push? Facebook Outrage Du Jour: Your Posts Can Be Sold For Ads Handy Android App: FilesAnywhere, A Fax For Your Phone Facebook Apps Can Now Access Your Address & Mobile Number Diaspora – My Impressions Two Months In First Beach Day of 2011, in Bucerias! Handy Android App: Google Voice Callback Free Swype Touchscreen Keyboard For Android Signal Strength Drop – iPhone 4 vs Droid Facebook Privacy & Security Tips Making Google Voice Work After Moving To Canada Implanted Contact Lenses – Best $5000 I *EVER* Spent! Quantum Darwinism! Pantheism, Monotheism, Atheism, And Communication

Android, Mobile Phone, Technology

FUD and Sensationalism from F-Secure on Android Malware Numbers

I came across a fluff piece on TechCrunch today titled “Android Accounted For 79% Of All Mobile Malware In 2012, 96% In Q4 Alone, Says F-Secure“.  Quite the sensationalist title, and a quick read of the actual “report” (PDF) shows that these are pretty dodgy statistics.  The “report” is more marketing material than anything else – it lots of pretty pictures of people using phones, low level language use and even an ad at the end of it for their mobile security suite.  I don’t know if the author didn’t thoroughly read the report and just copied and pasted the nicely coloured charts or if she just wanted to get the most eyeballs she could via sensationalism, but either way it’s some poor journalism.  There are some pretty blatant issues with the “report” that are completely ignored by the author:

  1. The study was conducted by F-Secure, an anti-virus company that is hardly impartial in such matters:  they sell “F-Secure Mobile Security,” one of the most expensive anti-virus Android products available.  So they have a definite vested interest in wanting Android users (a huge and still expanding market) to be afraid of getting malware on their phones.
  2. The actual report itself plays extremely fast and loose with the definition of what is malware.  Two of the more egregious examples:
    1. “Android Network Toolkit, Aniti.A is a penetration testing tool that allows user to perform certain tests via its automation interface… Like most penetration testing programs, this tool is intended for use in a legitimate context. It may however also be misused by malicious parties.
      So an app that can be used for network penetration is Android malware?  It might be used a hacking tool, but it won’t affect your actual Android handset negatively in any way.
    2. “EksyPox.A is a program that offers a workaround for a vulnerability found on the Exynos 4 chip. This vulnerability, if successfully exploited, could allow any application to gain root access on devices running on the Exynos 4 chip. EksyPox.A provides a way to patch the security hole, but not without exploiting the vulnerability first.”
      So a third party app that patches a huge Samsung security issue that hasn’t been addressed for all handsets yet is malware because it uses that same security issue to patch it and lock down an avenue of possible malware infection.  Madness!
  3. The report itself is so obviously a marketing tool rather than a legitimate piece of research that alarm bells should be ringing all around.  Serious reports don’t usually
    1. have full pages with stock photos heading up every section;
    2. pitch their writing to a sixth grade reading comprehension level;
    3. provide a mickey-mouse definition of the word malware for their readers (p.18, “Programs categorized as malware are generally considered to post a significant security risk to the user’s system and/or information.”).
  4. The report again hugely inflates its numbers by including “Top 30 Potentially Unwanted Software” … which is more than double the number of the “Top 30 Malware” counts (p.32)
  5. The report doesn’t differentiate between malware that can be found on Google Play app store vis a vis malware that has to have the security system set to allow third party apps to be installed.  This would make a  significant difference to the numbers, as the average user only installs from the app store.
  6. The report doesn’t break down the relative numbers of malware apps to versions of Android.  If 90% of the black apps in the stats target older verisons of Android that aren’t in common usage anymore, such as Donut  and Eclair, then the level of actual threat representation relative to more current versions of Android is hugely distorted.

I can’t imagine how any journo could possibly take this seriously and report on it as such – either the author doesn’t really understand the topic, or was phoning it in in order to get a headline-grabbing piece out the door.  The source is pretty obviously marketing FUD from a company that wants to sell antivirus products to Android users, not a serious report.

Post a Comment

Your email address will not be published. Required fields are marked *