We hear it time and again: Android has big security problems. Last year, malware on smartphones increased more than 780 percent compared to 2011. The attacks almost exclusively targeted Android, whose users therefore have a significantly higher risk of contracting a virus.
According to a recent report from the security firm Kaspersky, 99 percent of all new malware attacked the Android platform last year. That was a continuation of the trend from 2011, which registered an explosive growth in Android malware.
During 2011, an average of 800 new types of malicious programs were discovered every month, and this figure rose in 2012 to a whopping 6,300 programs.
"Android is the world's most widely used smartphone operating system, so it is not surprising that it is also the hacker's favorite goal. But it has probably surprised many people, including myself, that it's as much as 99 percent", security expert Kevin Freij from MYMobileSecurity said.
The most widespread type of malware last year was SMS trojans that hid in fake apps and links, and could drain people's accounts by sending text messages to premium-rate numbers. One example of the type of malware was Super Battery Charger, which claimed to extend the life of your phone's battery, but instead made your phone bill skyrocket.
Another widespread type of malware was programs that steal personal data, a type of spyware. This is why it's important to read the conditions carefully before you download the app to see what you give permission to.
Kevin Freij also refers to another statement from www.mobilesandbox.org, a site that collects information about malware on Android. Out of the 300,000 new Android apps on Android stores in 2012 it found 43,000 malicious apps in 115 different malware families. Most of the fake apps were downloaded from Russian and Asian third-party app stores, but 13 malware families were also found on the official Google Play Store. But why are the fake and malicious apps such a big problem for the Android system?
"Unlike Apple's App Store, Google Play accepts software installations from unauthorised sources, and one of the surest ways to get a virus is to install a program from a suspicious app or website. Despite Google's efforts to improve security, it has not succeeded in reversing the malware curve. I think Google should increase the demands on the developers who upload new apps. The figures from the last two years show that the security of Google Play simply is not high enough.
"But from the users' point of view, the solution lies not in copying Apple's restrictive and controlled system, as we would then lose what makes Android different to iOS. One of the advantages of Android is obviously the open platform and the greater freedom to 'customise' your phone and select various app stores, and thereby also benefit from the increased competition among these. You could say that the blessings of the Android platform are also its curse", said Freij.
He suggests two solutions: either Google may choose to lock the Google Play Store, so all new apps must be approved, just like Apple does. It will require time and money, because it means that each and every one of the current 750,000 apps and all new apps in the Google Store have to be tested.
With this solution Android would still be an open system, but with the guarantee that everything you download from the Android Market has been approved. However, users would still be able to download fake apps from third-party stores if they chose to.
The second solution is to lock all handsets and make Android a closed system, which will mean that you can only install apps that contain specific codes that the developers pay for. This would reduce drastically malware on Android, because all developers have to be approved, and you would be able to track the developers behind the fake apps. Again a very expensive solution that totally removes Android's charm and makes it a completely closed system like Apple and Microsoft.
The question is: how much freedom are you willing to lose in order to get a more secure system? And are you willing to pay 10 percent more for your Android phone if Google invests 10 percent in testing ever app?
Freij also encourages users themselves to take more responsibility in preventing malware. "Many of us live a busy life, where everything must go so fast, and to download a new app should not take more than two minutes – in spite of compromising the security. Generally for all users, regardless of the operating system, we can apply the same rules if we want to protect ourselves the best way:
Think before you download, spend time reading reviews of the app, see who the developer is, read the terms carefully, make sure you have an updated antivirus program and be careful about clicking on links in emails, text messages and push advertising".
Kevin Freij is CEO of MyMobileSecurity, the company behind MyAndroid Protection.