Symantec: 1 in 5 Android apps is malware

“Android malware is on the rise,” Dan Tynan reports for Yahoo Tech.

“According to Symantec’s latest Internet Security Threat Report, ’17 percent of all Android apps (nearly one million total) were actually malware in disguise.’ In 2013, Symantec uncovered roughly 700,000 virus-laden apps,” Tynan reports. “Symantec used its Norton Mobile Insight software to crawl more than 200 Android app stores, downloading and analyzing more than 50,000 apps and app updates each day in 2014.”

“Most of the malware found by Symantec tries to steal personal data like phone numbers and contact lists, which are then sold on the Internet’s black market, says Haley,” Tynan reports. “Some may cause your phone to send text messages to premium SMS services, automatically adding charges to your monthly bill. Other apps may pelt you with ads that pop up randomly over other applications. Some apps even change your default ringtone to an advertisement, Haley says.”

“As for iOS?” Tynan reports. “Symantec found a grand total of 3 infected apps in the iTunes store in 2014. Last year it found zero.”

Read more in the full article here.

MacDailyNews Take: Our Lady of Perpetual Beta’s hastily-assembled iOS knockoff is the Typhoid Mary of mobile.

[Thanks to MacDailyNews Reader “eldernorm” for the heads up.]

Related articles:
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013

Prior to Steve Jobs unveiling of Apple’s iPhone, Google’s Android didn’t support touchscreen input – April 14, 2014
Before iPhone, Google’s plan was a Java button phone, Android docs reveal – April 14, 2014
How Google reacted when Steve Jobs revealed the revolutionary iPhone – December 19, 2013
Apple to ITC: Android started at Apple while Andy Rubin worked for us – September 2, 2011

59 Comments

    1. Like Windows versus Mac, Android gets targeted with malware because it is SO easy compared to iOS. Android is the “low-hanging-fruit” of mobile. And no one can make that stupid “security by obscurity” claim this time. 🙂

        1. I’m actually messing with the troll. 😉 That’s why the total vote count is so high. The goal of the troll (or trollbot) seems to be to get the “stars” to two. Every time I nudge it up to 2.5 stars with a single 5 vote, there is immediate response that puts it back to 2 stars. Then, there are no additional down votes, until I nudge it back to 2.5 stars with another single 5 vote. It’s got to automated, because the response is so immediate and precise.

          MDN should feel “complimented” that some “socially awkward” geek took the time to devise such a system.

            1. Yes. And since then (as soon as my comment was back to 2 stars) there have been no additional down votes (still showing 173 votes). Immediate and precise (“robotic”) response to your one up vote. And take a look at the entire list of comments here. ALL comments that look like they are “targeted” with significant down votes are precisely at two stars.

              What this means is that there is no “army of trolls” here. The trolls are NOT “out in force today.” It’s one clever loser with no life and too much time to kill…

              (OR maybe there’s an evil Apple-hating A.I. on the loose. 🙂 )

          1. I’ve been a fan of MDN for years. There’s defintely been an uptick of the number of trolls in the past month. Number one suspect due to their past behavior has to be Samsung.

    1. Down voting DroidTrolls are out in force again this morning. Fandroid low-cost obsessed bastard types are victims of their own cheap sheep ineptitude. I can think of none so deserving of each other. You get what you pay for losers.

        1. Thanks, I agree. Their doofusy down-voting just another indication of the lack of intelligent, objective Fandroid life. History vindicates Apple, just as it is casting Google into the Hellpit of Supreme Evil. But even Lucifer has his mindless minions, hence the Fandroids.

          1. I truly and profoundly don’t get them – doofus trolls, that is. I do, basically, two kinds of things in my life:

            1. Things I would not do if independently wealthy, but that need to be done… wage-earning work, cleaning the house, shopping.
            2. And positive, fun, rewarding things I’d still do, no matter how much money I had sitting in the bank – enjoying nature, being with friends and family, biking, etc.

            What pathetic empty lives these people must have to spend time on sites about the company and products that they DON’T LIKE… trying (and failing) to annoy us with vacuous negativity.

            Gawd! Get a life, people. Do something positive. Laugh. Watch a good movie. Start a business. Watch a puppy. Or get counseling, you poor sad schmucks.

            1. Funny how some people here seem to be surprised by occasional negative feedback, while most of the mdn articles and the reactions are aggressively and blindly pro-Apple. Calling non-Apple watches “stupidwatch”, insulting Samsung or pretending that Switzerland is doomed is bound for backlash. If your skin is too thin for that, you should make mdn private.

            2. if you don’t like a pro Apple stance (from an apple FAN site why do people like you come here?

              samsung watches ARE stupid watches.
              people who like them are stupid too because they are willing to take malware (see above) etc and people who supper them are stupid (like you) , your stupidity is obvious as you have the stupid idea that Apple fans on an Apple fan site should not naturally side with Apple (especially when it’s obvious the Apple advantages).

              THRE ARE PLENTY OF ANDROID SITES WHERE YOU IDIOTS CAN SPEND PLENTY OF TIME DISCUSSING ANDROID MALWARE PROBLEMS AND PRETENDING “ITS OK”, HERE WE TELL IT AS IT IS.

            3. These trolls are not real android fans, anyway. They are paid agents of Samdung. If you can’t win the hearts of consumers and you can’t innovate, you’re left with stealing the ideas of others and paying mindless trolls to attend your launches and go on forums and make some noise. Good luck with that.

            4. It would be great if they could keep bottom feeders like you off of this site. Okay, now I guess you’ll tell us how you’ve had every Apple product since the Apple I and are their biggest fan. Yada, yada, go back to the “Android for Retards” website you normally inhabit.

          2. Word of unsolicited advice…Those that feel compelled to critique other’s intelligence are usually lacking themselves. You do this quite frequently. Just so you don’t wonder, I did downvote you.

            1. It may not be intelligence so much as a form of psychological problem ’tis true. IQ is almost always suspect as well, even if disingenuous to says so. No fears, I am not lacking in that dept. last time I checked. Convenient however for you to make up a specious axiom like that that is just as disingenuous.

            2. A presumptuous personal observation not based on any fact you can verify. That makes it disingenuous conjecture. Not worth the effort to express it. It makes you look every bit as guilty of what you accuse me of.

        2. Yes. I like it when my comment gets a lot of votes. I don’t care so much about the number of “stars.” Vote count is more important, and a high “troll vote” just means my comment was meaningful; it highlights the comments others should read. So thanks trolls… 🙂

          Idea for MDN: Take advantage of the trolls. They are pointing out the comments they do not like by trying to negate the positive votes with 1-star votes. Create an automated check that looks for comments that have a large number of 4 and 5-star votes (maybe 20 or more) and a similar number of 1-star votes. When such a comment is found, visually highlight it in some way, including a label that says something like

          “Alert – Trolls HATE this comment”

          That will get more of your real visitors to read those comments. Get those trolls working FOR you!

          1. The number of stars indicates the importance of the post.

            That is the basis of the peer review system in science publications — where the number of citations indicates the importance of the article. In science publications, there is no ranking system at all, which would be merely subjective. Trolls do not understand this principle. They do not understand the analytical argument I just made.

    1. Wow! Thanks for participating in my little experiment everyone!

      Sadly, due to the many variables, the myth is neither confirmed, busted, or plausible.

      The results have proven one thing at least, Robert Wilensky was right:

      “We’ve all heard that a million trolls banging on a million typewriters will eventually reproduce the entire works of Shakespeare. Now, thanks to the Internet, we know this is not true.”

      (Well, apparently he said something like that. It’s on the internet so it must be true!)

      I intend to be the first to give this post 1 star!

  1. If I were Google, I would be working on shaping Chrome OS or a new OS into an Android replacement with effective malware and piracy protection. I would try to publicly deny or downplay the Android malware shitstorm to buy just enough time to finish building the SDK that actually fixes Android’s biggest issues.

  2. MDN should be more careful with the click bait. The author of that Yahoo article writes, “Symantec found a grand total of 3 infected apps in the iTunes store in 2014. Last year it found zero.” Yet the word iTunes doesn’t appear in either Symantec’s report or its appendix. And the only Mac OS X malware the report mentions comes from the Chinese third-party app store, Maiyadi.

    1. I want to know exactly what ‘malware’ in the iTunes Store stupid deceitful Symantec is talking about.

      As for the iOS apps for jail broken iOS devices, none of which was ever in the iTunes Store, all were indeed Trojan horses. In fact, nearly ALL malware these days, for any platform, is Trojan horses. On Windows, there continue to be drive-by infections via the web. There have been potential drive-by infections for Mac, but I know of none that were in-the-wild.

      I’ll also add the usual: The single WORST software any Mac user can run are the Oracle Java or Adobe Flash Internet plugins over the Internet. Both are horrific and CONSTANTLY are found to have security holes, many of which are zero day exploits that end up in-the-wild. Either NEVER install or use either, OR use a BLOCKING program for both. Thankfully, Safari does automatically block both and requests users approve their use. Safari also monitors the versions of these plugins installed and makes certain they are the most current versions available. When they are not, Safari alerts the user and INSISTS that they be updated. Thank you Apple!!!! <3 🍎💋💕

  3. A few points:

    1) “Android malware is on the rise,” Dan Tynan reports for Yahoo Tech. <- – DUH-A-DUH! We've known that for TWO YEARS! You just noticed? Good gawd!!!

    2) As for iOS? Symantec found a grand total of 3 infected apps in the iTunes store in 2014. Last year it found zero. <- – This makes NO sense. Leave it to Symantec to FUD iOS uses with bullshit.

    (A) The only actual ‘malware’ for iOS in the iTunes Store has been proof-of-concept. The end.
    (B) There have been three iOS malware for JAIL-BROKEN iOS devices. That malware was NEVER in the iTunes Store.
    (C) If there ever (EVER) was any actual working iOS malware in the iTunes Store, I want to know about it!!!
    – – -> Caveat: There was a massive SSL certificate verification flaw in a 3rd party networking library used by many iOS developers as of January. This flaw was patch a couple weeks ago and ‘should’ be closed. At one point there were reportedly 1,500 apps that used this broken library. At this point it time it is hoped that ALL of them have been patched. But testing continues to determine if that is the case. I’ll be writing about this situation at my Mac-Security blog this coming week.

    3) Google ‘says’ they are going to now more closely vet applications submitted to their Google Play Store. Whether this actually stops malware is entirely unclear. From what I can tell, they are NOT testing submitted apps for malware activity. They are simply vetting them for fitting Google’s standards for Android applications. Here’s a link about this situation:


    Google Play apps and updates are now subject to a review process

    Company has also started handing out kid- and parent-friendly age ratings for apps.

    [Note: Symantec’s FUDing of Mac users back in 2005 was the impetus that got me into studying Mac security in the first place. That’s how much I hate Symantec, the incompetent liars.]

  4. “Most of the malware found by Symantec tries to steal personal data …. which are then sold, ”

    sounds somewhat like ANDROID itself.

    Android exists to get personal data to sell to advertisers. that’s how google makes money of ‘free’ android.

      1. Ah, I remember that argument and situation. There were indeed a few apps that took too much user information then did who-knows-what with it. To call those apps ‘malware’ is possibly wrong. But what they were doing was at the very least sleazy.

        The fact is that there are a number of Mac applications that do something similar by way of planting tracking cookies on user’s Macs. I have a personal list of such offending Mac apps which I can republish here if folks are interested.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.