Malicious Android apps spike nearly 400 percent in in Google Play store

RiskIQ today announced research findings on the presence of malicious apps contained in the Google Play store. The company found that malicious Android apps have grown 388 percent from 2011 to 2013, while the number of malicious Android apps removed annually by Google has dropped from 60% in 2011 to 23% in 2013. Apps for personalizing Android phones led all categories as most likely to be malicious.

The results were gathered by the RiskIQ for Mobile service, which continuously monitors mobile application stores to detect suspect applications, application tampering and brand impersonation. For this survey, RiskIQ counted Android apps in the Google Play store as malicious only if they are/contain spyware and (SMS) Trojans that:

● Collect and send GPS coordinates, contact lists, e-mail addresses etc. to third parties
● Send SMS messages to premium-rate numbers
● Subscribe infected phones to premium services
● Record phone conversations and send them to attackers
● Take control over the infected phone
● Download other malware onto infected phones

“The explosive growth of mobile apps has attracted a criminal element looking for new ways to distribute malware that can be used to commit fraud, identity theft and steal confidential data,” said Elias Manousos CEO of RiskIQ in a statement. “Malicious apps are an effective way to infect users since they often exploit the trust victims have in well known brands and companies they do business with like banks, insurance companies, healthcare providers and merchants. Our unique visibility directly into App Stores allows us to shine a light on this problem and prevent attackers from impersonating brands to exploit their customers.”

Using a distributed global proxy network RiskIQ continuously scans and interacts with mobile apps in leading app stores via synthetic clients that emulate real users. This patent-pending technology exposes malware that would otherwise not “show itself” to traditional web crawler software. The highlights of the RiskIQ for Mobile research on the Google Play store include:

Percentage of Malicious Android Apps:

  • 2011: 2.7%
  • 2012: 9.2%
  • 2013: 12.7%

Percentage of Malicious Android Apps Removed:

  • 2011: 60%
  • 2012: 40%
  • 2013: 23%

Top Five Android App Categories with Most Malware:

2011 2012 2013
1. Entertainment 1. Personalization 1. Personalization
2. Education/Books 2. Entertainment 2. Entertainment
3. Media/Audio/Video 3. Education/Books 3. Education/Books
4. Personalization 4. Media/Audio.Video 4. Media/Audio.Video
5. Sports 5. Sports 5. Sports

Read more in the full article here.

MacDailyNews Take: “Open.”

[Thanks to MacDailyNews Readers “Brawndo Drinker” and “Robert” for the heads up.]

Related articles:
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013
FBI issues warning over Android malware attacks – October 15, 2012
Researchers discover serious flaw in Android app security, say HTC and Samsung ignore issue – September 28, 2012
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010


    1. … on the other hand, you can’t innocently download malware through Apple’s walled garden.

      I can easily live without being able to customise my iPhone and take a great deal of comfort from not having to to worry about malware on my iPhone.

    2. Turns out you can’t do that with ‘rood either, google is furiously vetting and removing apps at a stunning pace in an attempt to stay in front of the malware tsunami. (good luck outrunning that wave)
      I thought googles ‘roid market was so great because google didn’t get to “decide” what apps got on? Turns out “Open” wasn’t really that “open”, now you have google deciding what what you can’t have -and- you also have buttloads of malware.
      Good luck, naive little ‘roid fan, with this fresh hell you have decided to reside in.

      1. Google only remove apps that affect them, like ad blockers. Malware is only removed when its found and notified several times, then its made public by security researchers cause google have done nothing about it. Sometimes its not removed at all cause adware is classed as “an aggressive advertising strategy”. Google is a joke

    1. Yea, you are right, I mean surely with all the resources it has the NSA malware application developers can be more effective at not getting caught, especially when it comes to spywear and collecting and send GPS coordinates, contact lists, e-mail addresses back tho their headquarters.

      And the DOJ, come, you think that anyone is fooled by the Cote/Bromwich duette?

      Wake up America, you’ll have to try harder, a lot harder if you want to be taken seriously as a terrorist war mongering state. The torture things isn’t too bad, maybe you should reintroduce slavery. I bet that will get Apple to open its doors for NSA malware.

  1. Those “malicious Android apps” will come in handy for all those Samsung Android phone that the Federal Government and military just ordered. So, Uncle Sam, did you get a good price on those non American phones that you purchased with our tax dollars. And, just how many Android phones were handed out as Obama phones. Do you think they are hacked too? Sometimes FREE and low cost come with a lot of strings!

  2. The point the Android public still doesn’t get…. Phones are more intimate than computers. It’s a device that is solely for you, your contacts, your pictures, your communications… more so than any desktop/laptop computer.

    Having an intimate device that requires antivirus due to its innate insecurity just seems like an idiotic move for a company.

    People who were clueless with Windows and didn’t mind buying a CHEAP $299 PC ($99+ per annual AV subscription + $100 or more per virus removal despite the annual AV price…) are going to be the same people doing it all over again with their Android phones.

    It’ll keep many of us “support guys” in some side money, yet I’ll still take the moral high ground and recommend Apple products. Should you continue the Windows/Android path, I’ll continue to charge for EACH AND EVERY support situation you need me for.

  3. Just like the windows PC debacle. That really hurt M$ for a long time and made them lose their focus on developing the OS after XP.
    The best virus is one that doesn’t kill your device but just uses your information and spreads to other phones. Google will pay for this eventually.

  4. If I were an Android user, that statistic about the percentage of malicious apps being removed by Google would turn my hair white. It shows that Google can’t keep up with the influx of malware in their own store. At this rate, Google Play won’t be safe to use in just a few years.


Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.