Trend Micro releases Android malware report, but it asks more questions than it answers
It should always be mentioned right off the bat when reporting a story about malware statistics from a security company that security companies are somewhat biased in this equation, because they are the only companies that can profit from there being security threats on a given platform. With that in mind, Trend Micro has released a new report claiming that Android is rife with malware.
The numbers are as follows: Trend Micro reportedly checked 2 million Android apps during this study. This automatically asks more questions, because there are were only about 700,000 apps in the Play Store during the check. Unfortunately, the report doesn't specify how many of the apps checked were from the Play Store, or if we're supposed to believe that Trend Micro checked every app in the store, and how many of the apps came from 3rd party stores, which always have higher rates of malware.
Of the 2 million apps checked, 293,091 apps were classified as "outright malicious", and a further 150,203 were classified as "high risk". Again this asks more questions which are not answered by the report. First goes to the categorizations, where two of the seven types of apps classified as "malware" are A) "Spying Tools", which are apps that "send out GPS location, tracks text messages, call logs," and B) "Rooters", which "allow attackers to send commands to the affected device." It's unclear whether "spying tools" are apps that do those things without permissions, or just any app that does those things, which is important, because if it's the latter, any alternative SMS app would count as "malware". The same goes for the "rooter" apps, where it's unclear if that category counts apps designed for root users or not.
If the numbers are to be believed it means that 24% of all the apps tested were found to be "malware", and of those 68,740 were sourced directly from Google Play. Again, assuming they tested every single app in the Play Store, that would mean about 10% of apps in the store were "malware". Of course, this again begs a question that wasn't answered, because the report claims "these numbers change every minute, upwards…" which could indicate that there was no follow-up done to check how many of those apps found to be "malware" were removed from the Play Store, or it could indicate that malware is added faster than Google removes it.
Of the apps tested, 22% of apps were found to "inappropriately leak user data", over the network, SMS or telephone, often including IMEI, ICCID, contact data, and telephone number. This doesn't say specifically, but it seems we're supposed to assume it was 22% of all the apps tested (and remember the total amount of "malware" apps found was only 24%.) If that's accurate, then only about 3300 of all the malware apps found did something other than "inappropriately leak user data".
This report of course marks the second study in as many days, conducted by a security company, that accused Android of high amounts of malware. Although, just like this report, the report yesterday from F-Secure had some questionable counting because it marked all phone testing tools as malware, as well as including "potentially unwanted software", which is a term nebulous enough to be troubling.
We've contacted the author of the article asking all of the questions we had, and we'll certainly update this article accordingly if we get a reply.
source: Trend Micro