• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Mobile   »   Good App/Bad App: Is Investigating Mobile Apps Necessary?

Good App/Bad App: Is Investigating Mobile Apps Necessary?

  • Posted on:November 20, 2014 at 2:28 pm
  • Posted in:Mobile
  • Author:
    Rowena Diocton (Technical Communications)
0

These days, when you see someone staring intently or tapping at their mobile phones, chances are that they’re busy with an app. This comes as no surprise as 80% of consumers’ time on mobile devices apps is spent in apps for gaming, news, productivity, utility, social networking, and more.

Safe and Risky Apps

We are currently seeing almost 11 million samples in existence as of October 2014. Of these samples, 64% are considered safe, while 23% are considered high risk or adware. The app permissions given to these types of apps may be used to cause potentially unwanted routines. Of all the malicious apps we detected, 13% are outright malicious, or categorized as malware. These types of apps are known to originate from third-party app stores, or simply put, non-Google Play stores.

cumulative-malware-detectio
Figure 1. Cumulative Malware and High Risk/Adware App Detections Based on Unique Samples, October 2014

For the month of October, we counted more than 532,000 new Android samples. Almost a third, 29%, are malware, while a third, 30%, are adware. Less than half, 41%, of the apps checked were considered safe.

 malware-detections_Oct2014

Figure 2. Malware and High Risk/Adware App Detections Based on Unique Samples, October 2014

 These threats fall in either one of the seven types of malicious apps we know, as follows:


Figure 3. Android Malware Types

We also continued to see desktop threats that can latch onto mobile devices as well, or vice versa. The USBATTACK malware for Android is one such threat. It poses as a device cleaner but actually does otherwise. This malware steals device information, downloads AUTORUN malware on the SD card, and then runs itself on a connected PC so it can use its microphone to record media.

What drives these threats?

For one, mobile app adoption continues to flourish. This results to an attractive market ripe for cybercriminal threats and scams. App stores also serve as catalysts for mobile usage, given that these house the apps that consumers are so fond of using.

Based on our observations, third-party app stores are quite popular to mobile users this month. The number of downloaded apps from third-party app stores (4.17 million) is more than the number downloaded from Google Play (2.58 million) or than those downloaded from all other app stores (4.13 million).

The expanding adoption of third-party app stores can be quite problematic for mobile users given that many cybercriminal app developers can easily distribute apps using these channels.

Is a careful examination of apps really needed?

In the technology industry, the process of vetting apps, or tracking which ones are secure and identifying those that are not, is a valid option to ensure the safety of app stores. The diagram below shows how the vendor Blackberry, for instance, makes use of the technology of vetting mobile apps:


Figure 4. How Trend Micro Mobile App Reputation Service works

Vetting helps with app validation before they are submitted to app stores to vet out the risky and/or malicious ones. Categories are also used, such as malware, private data leak, battery usage, etc., which consumers might find helpful in order to gauge which apps are not only safe but also optimal for use on their devices.

Now that the shopping season is looming closer, more cybercriminals are expected to come up with rogue, malicious apps that target mobile payments. What better time to attack consumers but during the height of their shopping for Black Friday or Cyber Monday? Vetting apps is a way for app store operators can ensure the safety of their users, and at the same time, users can ensure the safety of the apps they download.

Read more about the mobile landscape and threats found in October and the app categories that are used for vetting apps in our report, How Vetting Mobile Apps Works for App Stores and Its Users.

 

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»
Tags: androidapp storesmalicious appsMobilemobile apps

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.