Android accounts for most mobile malware, says F-Secure

Android accounts for most mobile malware, says F-Secure

Summary: With Android accounting for 96 percent of all mobile malware in Q4 2012, F-Secure warns that the Google-developed mobile platform is increasingly being targeted by malware writers and hackers.


Android's popularity and success is also its security downfall, according to a leading security firm.

Android's share of mobile malware has increased by almost double in the last quarter, and now pegs in at 96 percent of the mobile malware market, according to a recent report by F-Secure [PDF]. 

By comparison, Symbian stands at 4 percent while Windows Mobile, BlackBerry and Apple's iPhone all come in with an even lower share of new mobile threats and variants over the quarter. However, much of Android's gain in the mobile threat scene can be contributed to PremiumSMS, a popular family of malware that generates profit through premium SMS sending practices, which saw 21 new variants in the past year.

"Every quarter, malware authors bring forth new threat families and variants to lure more victims and to update on the existing ones," the report noted said.

The rise in Android malware, the firm said, can be largely attributed to its increasing foothold in the consumer market. Other security firms have also noted this, but also attributed that Android's open platform and application store leaves it more vulnerable than rival mobile platforms.

"As for the other platforms," such as BlackBerry, iOS, and Windows Mobile, "they may see some threats popping up once in a while. But most likely, the threats are intended for multiple platforms similar to the case of FinSpy."

FinSpy and other FinFisher intrusion tools are a range of controversial malware tools, created by the private industry and first documented by Wikileaks, which are often installed on devices and machines at the behest of governments and intelligence agencies. It can be used to monitor all communications in and out of a device and can capture video, audio, and other personal information on the device.

From the report:

Screen Shot 2013-03-07 at 07.25.05
New mobile threat families and variants received per quarter (Credit: F-Secure)

Looking the figures, Android's leap in mobile threat variants received per quarter has risen between the two final quarters of 2012. In this case, the increase can be mostly attributed to an uptick in premium SMS-based mobile variants as well as Android's large market share in the mobile space, though not particularly due to any recent spike in Android uptake.

Conversely, for Symbian, the sudden drop from 21 percent to 4 percent can be attributed to the decline in Symbian market share. Over the past two years, Symbian's share has declined rapidly — in line with Nokia's wishes — in favor of Windows Phone, which has yet to make a splash in in the mobile market share pool.

"As old Symbian handsets continue to be replaced by those with other operating systems, especially Android, Symbian malware dies off and will probably go extinct in 2013," said F-Secure security advisor Sean Sullivan. "The numbers are starkly reversed from 2010, when Symbian malware accounted for 62 percent of threats and Android just 11 percent."

Screen Shot 2013-03-07 at 07.26.02
Threat families and variants by platform between 2011-2012 (Credit: F-Secure)

Between 2011 and 2012, the number of attacks targeting Android have increased in line with the increasing focus by malware writers and hackers to target the mobile space. While in 2011 there were 195 mobile malware families and variants, in 2012 that increased by one third to 301 familes and variants.

While side-by-side, these figures may not be representative of market share figures, it does reflect which kind of devices seem to be on the market today. While iPhones are increasingly popular in the enterprise, many consumer devices are Android-based.

It's worth mentioning that while F-Secure's underlying message is "buy our mobile software," the report makes some interesting points, particularly for the enterprise, which may be weighing the cheaper Android options in favor of other, more expensive devices, for instance. 

Android is becoming increasingly popular in the enterprise, thanks to mobile device management (MDM) software and business-focused features, such as VPN security and integration with outsourced cloud services, such as Google Apps. 

The iPhone may be the device of choice, according to recent Gartner figures, though bring-your-own-device (BYOD) policies at work are seeing more Android-based phones enter the workplace. This ultimately means that CIOs and IT managers have to accommodate such devices at work by offering security-based policies and restrictions.

But there's only so much these policies can do. Mitigation is one thing, but actively exploiting even the most basic functionality in these phones, such as SMS text messaging, can still rack up the bills while generating a small fortune for the malware writers. 

Topics: Malware, Android, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • F-Secure is marketing its software

    F-Secure is marketing its software, but it also underlines the fact Andorid is nothing but crap because of its weak design and security model.

    Windows Phone has zero malware, another good reason to switch to WP8
    • Just wondering..... that way Android devices heat up - though that is good during the winter?
    • That's Only Because . . .

      . . . WP8 has zero users! What's the market share now? Something like 0.00006%
    • Android vs Windows phone bad comparison.

      "Windows Phone has zero malware" really windows phone before 8 has plenty of malware that should be completely compatible with windows phone 8. Also how many virus(not malware) has Windows phone had........How many virus have Android device had? Android thanks to it's Linux roots, has strong protect system files.

      Malware goes were the users and the money is. This is why Windows had so many problem. All platforms have security holes and vulnerabilities, yes All.
      • Please explain

        "Windows Phone has zero malware" really windows phone before 8 has plenty of malware that should be completely compatible with windows phone 8"

        What? There was only 1 version of Windows Phone before WP8 and it had 0 malware. There were many versions of Windows Mobile before Windows Phone and it certainly didn't have "plenty" of malware. However, there is absolutely no app compatibility between Windows Mobile and Windows Phone so no Windows Mobile malware could ever run on Windows Phone.

        "Also how many virus(not malware) has Windows phone had"

        First off, there is no such thing as non malware viruses. All viruses are malware. Second, there are 0 viruses for Windows Phone, thanks to its Windows NT roots.
        • No malware?

          Sorry I forgot in Microsoft land you call ad ware and spyware features and say it is not malware.
          • Now that's irony for you

            There may (or may not) be adware and spyware apps for Windows Phone. I haven't run into any but I can't claim to be familiar with every single WP app ever written.

            However, I do find it extremely ironic that an Android supporter would be against adware considering that Android exists for 1 reason and 1 reason only: to expand Google's ad network. Android, by definition, is adware.

            One could also argue that in order to target advertising, Android is also spyware but I won't rub salt in the wound.
  • Windows WP8 is secure

    Windows Wp8 is secure, just like BlackBerry, they have both 0.3%.
    Android is the worst, with 79% of the market share, hence the most attacked.

    Market Share dictates security, just like in desktop OS.
    • Easy

      Easy to tell by just a single glimpse, due to the nice pie chart provided above.
      • You don't have a clue about the security model

        Even if WP8 has 90 percent share, there will be zero malware because its designed to be secure.
        • ...

          Good point.
          • Basically it is sloppy coding by the providers...

            They inject their crappy in house code onto the Android kernel and compromise it every time. Of course java and flash don't help either, but HTML-5 may fix that later. I would think iOS has some bragging rights here, as it is almost as popular as Android and consequently the market share, but fewer malware variants. Whether this is attributable to Apple's penchant for standard hardware, or never allowing provider additions without approval, or just rejecting java and flash - I really can't say - but I'd think all of those may be a big factor.
          • It's the App Store.

            None of these OS's are any more difficult to make malware for; as I have said previously, if if can run software, it can run malware. The trick is to stop it getting there.

            Android is very open (ease of getting root access doesn't help) and this helps malware find its way on to devices. For google's part most of this malware that I have read about comes from 3rd party repositories, and my moto has never found any malware on one of it's scans. But then my iPhone and iPad don't half malware checkers on them.

            MS apple and bb all lock down their app stores. Time will tell with regards MS, but my guess would be that given that apple came through it's popularity largely unscathed, and I would expect MS to follow suit. There will always be the odd app that gets through, but you should be able to trust the App Store of your device.

            As an android user that has never found anything I do wonder how much of this applies to those 3rd party repo's? After all I wouldn't personally be interested in malware formjailbroken iOS statistics for example?

            That said rooting android easily is good for 'de-googling' it :)
          • Far too much comes from official Android app store

            Not sure if Google has improved but there are far more stories out there about Google yanking malware from their official store than I've seen for Windows Phone and ios combined.

            Granted, nothing in the last few months though. Hopefully Google has improved.


            PS I like Android and will be switching to it if my recent MS purchases do not work out. I'm just under no illusion about Android's "perfectness". Not suggesting you are but some here on ZDNet sure took a deep swig of Google koolaid. At least they aren't as bad as apple fanboys.
          • in terms of money lost to Malware

            iOS is number 1. By billions
            It's called in-app-purchasing and Apple makes it easy by giving malware direct access to credit cards open ended.
            This is the current state of Malware now.
            It is just another form of torjans.
            Apple didn't allow it until they got their 30% of in app thefts.
            Ask the parents trying to get refunds from Apple.
            It is the worst form of Malware when it's pronounced safe by the "vetted" appstore.
            Don't deny it, it's BAD!
        • That's not how it work, Owll1net

          "Even if WP8 has 90 percent share, there will be zero malware because its designed to be secure."

          That's not how it works. Market share does in fact dictate the likeliness of it getting attacked by malware.

          Has a programmer, would you rather write one piece of code and hit a small percentage, or write a different piece and hit a far, far bigger percentage?

          It's the same for malware. Attack the biggest market share, and you're bounded to "catch" more people than if you attacked a smaller market.

          That's why WP and BB10 are going to be pretty much safe from Malware for a long time. That is, until/if one of them gets bigger than android.
          • Oh, and "designed to be secure" is bullshit

            Nothing we code is perfect. It could be designed to be the best in the world (I have no doubt Microsoft designs every release of Windows to be Secure), but in the end, it was coded by humans. And we make mistakes.
          • The Way I Heard It

            Windows is several million lines of code. I can't even type my username and password without hitting backspace at least once! And you expect the code to be without errors?! :)
        • Let's see

          Windows 95/2000/ME/XP/Vista and 7 did/do have more no less than 90%. Should we talk about malware?
          Yes, I do agree with you that the market-share argument is pretty flawed.
          Most if not all Windows malware could have been prevented, if MS had either a repository like that of GNU/Linux distros and *BSD, or an API similar to Android's with a transparent permission system and forced sandboxing.

          And most importantly, if in all of their creations MS had a different from the "let's do it somehow and think it through afterwards" mentality.
        • Total nonsense Owll1net!

          Boy do I have some water front property for you! When WP8 ever gets a decent share of the market (probably never), it'll be as virus infected as Windows because nothing is secure and virus attacks are aimed at the biggest market share. That's why Apple now is seeing virus attacks because it's market share has improved from it's minority status slightly, so it's getting it's share. Hackers aren't interested in tiny little fringe groups, they want maximum "bang for the buck" effect. Hackers have always shown that they can attack anything if they put their mind to it. Android users have also hurt themselves by not using Anti-virus apps (like Apple users did), a sort of "head in the sand" attitude.
          Laurentian Enterprises