As Android continues to rise in popularity, so do, unfortunately, some of the seedier elements that are invariable associated with emerging software technologies. The latest Mobile Threat Report from F-Secure shows some startling statistics, especially when it comes to Android.
In Q3 2013, some 259 total mobile threat families and variants have been detected across the popular mobile OS's, with a shocking 252 of them being found on Android. The remaining 7 are found on Nokia's aging Symbian OS, while equally as shocking, no threats have been reported for iOS, BlackBerry, or Windows Phone.
The threat breakdown consists primarily of Trojans (more than 90% of all threats), the largest percentage of which are targeted at mobile banking. A large majority of mobile banking trojans are of the SMSSpy variety, which aim to intercept SMS messages sent from banks in the form of secondary or two-step authentication of user credentials or online transactions.
SMSSpy differs from other malware families as it does not descend from a single identifiable code source, and as such is more difficult to identify and intercept. F-Secure has also detected a rising count of PUAs (Potentially Unwanted Applications), which include undesirable or unwanted functionality, or inadvertently introduce security risks.
F-Secure states that the easiest way for malware to find its way onto your device is by physically accessing your device, which is why locking your device or protecting it with an Anti-theft solution is recommended. As many forms of Android malware aims to silently send premium rate messages or calls, blocking premium-rate services at the operator level can minimize financial losses even if malware does get installed.
Finally, F-Secure recommends that you download Android apps only from the Play Store, and to pay close attention to app permissions when installing or updating apps. Third party apps like PocketPermissions or PermissionDog can help explain many of the oftentimes-obscure permission requests. Also, an antivirus program like Lookout is highly recommended.
Android's growth has truly been something to behold, with new activations already a staggering 1.5 million per day. Still, open source does have its inherent risks, so it's important to be aware of the inevitable security risks associated with such explosive growth.
You can check out the full F-Secure report here (PDF).
Thanks, satishsivam, for the tip!