BT: Almost every Android device is infected with malware
Summary: British Telecom says that one third of Android apps are compromised with some form of active or dormant malware, and that almost every Android device is infected. Something doesn't add up here.
Update on July 30 - BT backpedals on claims almost every Android device has malware
British Telecom (BT) has made some rather eyebrow-raising statements about Google's mobile operating system. We all know Android malware is a problem, but a BT security expert speaking at the NetEvents Americas conference has just made it sound like an epidemic that is affecting everyone.
"We analyzed more than 1,000 Android applications and found a third compromised with some form of active or dormant malware," Jill Knesek, head of the global security practice at BT, said according to EE Times. "Almost every device is compromised with some kind of malware, although often it's not clear if that code is active or what it is doing."
I've been covering the Android malware issue for quite some time, and while there is definitely more and more of it in the wild (last month was particularly bad), there is no way BT's claims are on target. I'm not sure which 1,000 Android apps BT chose to use in its analysis, but I doubt they were randomly picked. I find it very hard to believe that one third of Android apps contain malware and that almost every device has one of said apps installed.
This made me wonder why BT would be making such statements. I know that the U.K. telecom service provider sued Google over Android as well as other products late last year, but that's not enough of a reason for BT to hate on Android. This seems to me like some kind of miscommunication, a quote that has been taken out of context, or simply a poorly informed BT employee.
I have contacted BT about these claims. I'll update you if and when I hear back.
Update on July 30 - BT backpedals on claims almost every Android device has malware
See also:
- Warning: New Android malware tricks users with real Opera Mini
- Warning: Fake Skype app on Android is malware
- Malware charges users for free Android apps on Google Play
- Android malware families nearly quadruple from 2011 to 2012
- Warning: GTA, Super Mario on Google Play are Android malware
- Warning: Fake Instagram app on Android is malware
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Why do you question it?
Yikes..
Also, Emil confuses 30% of applications and 30% of devices
BT only discusses 30% of applications, not 30% devices. Most of those trashy applications rarely get installed, so actual percentage of infected devices is way lower than Emil writes and the two things are not even really correlated.
Nope.
Here is the quote
Nothing to do with percentage of devices, but all to do with percentage of applications.
Read the entire quote
Sure "Almost every" is not a percentage, but most people would consider that to be above 75%.
Sure
Actually, please tell them here:
1. What digital Android stores were tested?
2. What applications were tested?
3. What TB counts as "malware" (Like what is minimal code function to say it is malware?)
4. On what users did they test it (just on their own network users or all?)
At least those four would be nice if you would tell, because you have the knowledge of the exact numbers.
numbers to back up or to spread FUD?
Where did they get those numbers? Is it possible to get the names of those "compromised with some form of active or dormant malware"? I would also like to know where these bad apps are available.
Since I can also examine the Planet Mars and find plenty of life there.
Because it's not logical and therefore, probably not true.
App source likely China
Exactly
There are lots of apps in Google Play that just eat RAM or serve adds, does that make them malware according to BT?
They're counting adware, aren't they?
But as far as actual malicious code goes, I bet only a tiny fraction - way less than 1% - contain that kind of code.
I look forward to your indepth analysis
Oh really
You really think a carrier knows what application sent each packet of data? Because it's not a continuous stream, it's packets. Do you understand how data is transmitted? It sure doesn't seem so.
No they are not
They would have to cross reference data to accounts and validate devices and then prove which data was actually sent and which was stolen... All of which would be pure conjecture and speculation without having 100% of handsets in hand.
probably counting adware yeah.
If that adware is sending your location then its even worse
Yeah except...
Adware and Push Notifications
It's about the same as antivirus and antimalware vendors calling cookies malware. Overblown hype.
I have installed and uninstall ed quite a few Android apps and while a small fraction were flagged by my AV none of them were actually malicious. Push notifications are the most common being flagged and again, very few compared to the amount I have installed. Even fewer were flagged for questionable permissions.
If it violates privacy law, ...