I generally take threat reports from security companies like SophosLabs with a grain of salt. Sure, the researchers behind companies like SophosLabs are the most likely to know the goings-on in the world of computer viruses and blackhat crime, but they also have an incentive to spread concern about cyber crime since they’re selling a solution.
With that in mind, according to Sophos’ Security Threat Report 2013, Android is “today’s biggest target.” In part, this may be because of BYOD (bring your own device) policies that have been cropping up in large corporations. The reasoning is that IT divisions in companies don’t have the same level of control over every Android device, and a secure network is only as strong as its weakest link. One compromised device means passwords or even a company’s most confidential information can be leaked.
Compounding that issue is the desirability of rooting, which has benefits to users, but potentially makes the very core Android system files vulnerable to malware. Then there’s the possibility of side-loading Trojan horse apps from questionable sources, especially apps that request the INSTALL_PACKAGES permission, allowing them to download more malware on their own. Then there are apps found in the Google Play Store which aren’t malware per se, but track extensive data from their users.
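As an added example (not from Sophos' report or this post), here is one way to check a side-loaded app for that permission before it reaches a device. It assumes the APK's AndroidManifest.xml has already been decoded to text XML; the sample manifest, the package name and `audit_manifest` are constructed for illustration, and REQUEST_INSTALL_PACKAGES is included as the user-prompted counterpart of INSTALL_PACKAGES.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that let an app bring further packages onto the device.
INSTALL_PERMISSIONS = {
    "android.permission.INSTALL_PACKAGES":
        "lets a privileged app install packages without a user prompt",
    "android.permission.REQUEST_INSTALL_PACKAGES":
        "lets the app ask the user to install further APKs",
}

# Constructed sample: a decoded manifest for a hypothetical side-loaded app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
    <application android:label="Flashlight"/>
</manifest>
"""

def audit_manifest(xml_text):
    """Return (package, [(permission, reason), ...]) for install-capable permissions."""
    # Decoded manifests never carry a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("manifest contains a DTD; refusing to parse")
    root = ET.fromstring(xml_text)
    if root.tag != "manifest":
        raise ValueError("not an AndroidManifest.xml document")
    requested = set()
    for elem in root:
        # uses-permission-sdk-23 declares permissions for API 23+ only.
        if elem.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = elem.get(ANDROID_NS + "name")
            if name:
                requested.add(name.strip())
    flagged = sorted((p, INSTALL_PERMISSIONS[p])
                     for p in requested if p in INSTALL_PERMISSIONS)
    return root.get("package", "<unknown>"), flagged

if __name__ == "__main__":
    package, flagged = audit_manifest(SAMPLE_MANIFEST)
    for perm, reason in flagged:
        print(f"{package}: {perm} ({reason})")
```

A flagged result is a reason to inspect the app more closely, not proof of malware: legitimate app stores and updaters request these permissions too.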
Sophos’ answer to this (for corporations) is to 1) extend company computer security policies to apply to Android devices, 2) refuse access to rooted Android devices, 3) apply device encryption (which won’t have much effect on malware, but may prevent stolen phones from leaking information), 4) restrict Android devices to apps in the Google Play Store that have a “positive history and strong ranking,” and 5) install security and device management software on the phones.
That might be a good precaution for a corporation, but as private enthusiasts we’re not so keen on forgoing rooted devices altogether. We like CyanogenMod’s approach to a toggleable root status, allowing for root access when you need it, while denying it when you don’t. We also strongly recommend avoiding cracked packages, as even cracked apps that appear to be functional can be vectors for malware.
You can download Sophos’ full threat report from the company’s website here.
Have you had a first-hand experience with Android malware? Share your thoughts in the comments section below.