BT backpedals on claims almost every Android device has malware

Summary: British Telecom has backpedaled on claims that one third of Android apps are compromised with some form of active or dormant malware, and that almost every Android device is infected. The company has refused to publicly reveal its research.

Late last week, I wrote about some eye-raising statements made by a British Telecom (BT) security expert at NetEvents Americas. Now, BT has backpedaled on the claims. To refresh your memory, here's what Jill Knesek, head of the global security practice at BT, said:

We analyzed more than 1,000 Android applications and found a third compromised with some form of active or dormant malware. Almost every device is compromised with some kind of malware, although often it's not clear if that code is active or what it is doing.

I noted how very skeptical I was of these assertions, even though the Android malware issue has been growing rather quickly (last month was particularly bad). Here's what I said: "I'm not sure which 1,000 Android apps BT chose to use in its analysis, but I doubt they were randomly picked. I find it very hard to believe that one third of Android apps contain malware and that almost every device has one of said apps installed."

Some readers pointed out in the comments that BT might be referring to adware, which by definition is any software that automatically displays advertisements. In some cases, adware can also be classified as spyware, a type of malware which steals user information. Given the number of free Android apps supported by ads, this was the most likely explanation. Still, I found the numbers mind-boggling, and kept pushing BT for comment, but since it was the weekend, I didn't hear back till Monday (today).

Here's the statement BT finally supplied me with:

During a panel discussion at a Net Events conference in Florida last week, a BT employee voiced opinions on malware risks within apps distributed to users of Android-based devices. Those opinions were reflective of information available from public studies. The BT employee also mentioned in passing the existence of some testing done by BT on Android devices. BT has indeed done some testing on both Android and Apple OS environments, but not necessarily on the scale reported by media articles in the last couple of days. BT has not released that information and does not intend to elaborate further on that topic at the moment.

The fact that BT is not interested in releasing its study publicly makes me further wonder what's going on here. I have asked BT where I can find the mentioned public studies. I'll update you if and when I hear back.

Update at 12:00 PM PST: I was given five links, none of which seem to prove BT's statements. Here they are: Lookout, Juniper, Digital Trends, F-Secure, and Securelist.

The first of these was supposed to include the numbers being cited, but it didn't. A BT spokesperson told me the following:

The below research numbers were from the Lookout Mobile Genome Project data from Feb. 2011: https://www.mylookout.com/appgenome

Recent Research Revealed:

  • 29% of free Android apps are potentially malicious
  • 33% of free iPhone apps are potentially malicious

"potentially malicious" refers to the application implementing behavior that is presumed to provide some sort of functionality, but could be used maliciously, such as to track people.

The problem is that this wasn't in the report. In fact, malware was only mentioned once, and "potentially malicious" wasn't mentioned at all. The report did say, however, that:

  • The Apple App Store has a higher prevalence of apps with the capability to access contacts and location than the Android Market.
  • 28% of all apps in the Android Market and 34% of all free apps in the Apple App Store have the capability to access location.
  • 7.5% of Android Market apps and 11% of Apple App Store apps have the capability to access users' contacts.

I've pointed this out to BT and will update you if I hear back.

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Talkback

15 comments
  • Duh.

    Just another FUD producing company :-\
    T1Oracle
    • BT is a generally reliable source

      Some fool shot off his mouth - probably drunk. Don't hold it against them yet.
      symbolset
  • So much for credibility

    Didn't Emil originally publish this horseshit last week?
    CaviarBlack
    • Get with the program

      This is an update to his last article on this very topic.

      chuckle
      rhonin
      • Which means...

        ...his last article was unsubstantiated horseshit.
        CaviarBlack
    • Emil Said It Seemed Unsubstantiated at the Time

      It's rather pointless to criticize the story for reporting on the statements when the story criticized the statements at the time it was released.
      CFWhitman
  • Quick response from the google PR team to stifle any further revelations?

    Do no evil?
    Johnny Vegas
    • Re: Quick response from the google PR team to stifle any further revelation

      Yeah, like Google can ban BT from using Android or something if it doesn't fall into line.
      ldo17
      • Hard to do

        ... with Cyanogenmod around.
        Natanael_L
  • It's all about context...

    The numbers reported at this link and above would support the "potentially malicious" claim, depending on the context (https://www.mylookout.com/mobile-threat-report)

    "In the Lookout App Genome Project report published in February 2011, we estimated that on iPhone 33.9% of free applications had the capability to access location and 11.2% had the capability to access contacts. On Android, we found that 28.2% of free apps in the Android Market had the capability to access location and 7.5% had the capability to access contacts."

    iOS doesn't tell you what permissions the application has, so the average user would never know that their contacts list or GPS location was being accessed. Is this "potentially malicious"? I say yes. Without the user being specifically notified of the behavior, this is a potential privacy violation.

    Android does have the manifest.xml file that denotes permissions when the application is installed, but is the average user aware of what these permissions do? Maybe, maybe not. Additionally, if that GPS location or contacts information is being accessed the user must understand the purpose and context for the application requiring that information. It makes perfect sense for GPS location if it's using maps or something like that, but if it's a chess game, the user has no understanding why this GPS or contact info would be required or for what purpose that information would be used.

    Unless the user is specifically aware of what personal information is being accessed by the application and why, I'd say it could be used for "potentially malicious" purposes. It's all about context.
    Mephisto9999
    • Every android app tells you EXACTLY what it can access before you install

      "Unless the user is specifically aware of what personal information is being accessed by the application and why"

      They don't all say 'why' though many do. But every single android app tells you EXACTLY what permissions it has before you ever install it.

      On the other hand:
      Not a single Apple App Store app tells you what permissions it wants because Apple doesn't want to bother its users with that information.
      elnator
      • The issue is WHY they are accessing that data

        Elnator,
        That was my point, we can accept that an application is accessing our contacts list or GPS location when we install the application, but unless we know WHY it needs to access that information and what it is going to do with it, there still exists the ability for the application to do malicious stuff.

        The Android permissions show what permissions are required by the application, but it does not explain the WHY. If an application needs to access my contact list, I'd like to know why. And if it is going to send that data to their server I'd like to know why and what they are going to do with that information.

        For all we know, the application could be harvesting emails from our contacts list and then the company could be selling that information to affiliates or other 3rd parties. Just because the application tells me it's accessing that information, doesn't mean it isn't doing additional, potentially nefarious activity, with that data down the line.
        Mephisto9999
  • And...

    However, note that this information contained within the Lookout report, and what this BT person said, are two very different things...I'd like to see the numbers as well...
    Mephisto9999
  • App to provide what Apple omits

    Clueful, which was an app and banished from the App Store, is now a web app: http://www.cluefulapp.com
    It tells you what the apps are asking for.
    Jasonology
  • Malware

    Using W7 and now Android 4.2, I personally have never been affected by harmful so-called malware. Computer Magazine writers like to write about stuff like that without supplying enough information for the user to make any rational decisions. If it is a virus or Trojan that can actually modify your computer or cause harm to it, they should discuss what programs your computer should contain to deter them. In most of these articles they never make any mention of Firewalls and Anti Virus programs. Usually they are only telling half the story. I have never seen any stories on Viruses or Trojans that are the least bit helpful to me. Kind of like yelling fire in a crowded theater when they don't have any real information of a fire taking place.
    rgeiken9