RiskIQ claims malicious Android apps up by almost 400 percent on Google Play

RiskIQ claims malicious Android apps up by almost 400 percent on Google Play

Summary: RiskIQ, an Internet security company, claims that malicious apps have grown by almost 400 percent on Google's Android Play store.


The best way to avoid Android malware is to make sure you only download apps from trustworthy sites such as Google Play or Amazon's Appstore for Android... or is it? RiskIQ, a corporate Internet security company claims that malicious apps have grown by 388 percent from 2011 to 2013 in the Google Play store.


RiskIQ also claims to have found that the number of malicious apps removed annually by Google has dropped from 60% in 2011 to 23% in 2013. The company states that these results were gathered by its RiskIQ for Mobile service. This distributed global proxy network continuously monitors mobile application stores to detect suspect applications, application tampering and brand impersonation. For this survey, RiskIQ only counted Android apps in the Google Play store as malicious if they are/contain spyware or SMS Trojans. These Android malware programs had one or more of the following characteristics:

Five simple ways to avoid Andriod malware

Five simple ways to avoid Android malware

Five simple ways to avoid Android malware

• Collect and send GPS coordinates, contact lists, e-mail addresses etc. to third parties

• Send SMS messages to premium-rate numbers

• Subscribe infected phones to premium services

• Record phone conversations and send them to attackers

• Take control over the infected phone

• Download other malware onto infected phones

“The explosive growth of mobile apps has attracted a criminal element looking for new ways to distribute malware that can be used to commit fraud, identity theft, and steal confidential data,” said Elias Manousos CEO of RiskIQ in a statement. “Malicious apps are an effective way to infect users since they often exploit the trust victims have in well-known brands and companies they do business with like banks, insurance companies, healthcare providers and merchants. Our unique visibility directly into App Stores allows us to shine a light on this problem and prevent attackers from impersonating brands to exploit their customers."

The end result is that RiskIQ claims that in 2013 no less than 12.7 percent of all Google Play apps were malware. That seems high and a closer look at RiskIQ's numbers also showed that the company has Google Play total number of good applications in 2013 as being 332,084, which was far less than the 2011's total of well-behaved applications, 402,509. That doesn't seem right.

It's hard to judge the veracity of RiskIQ's claims. Google has scanned software for malware tendencies since 2012 with its Bouncer program before placing any program on the Google Play store. In addition, Google now forbids app updates that don't come via its Play store.

Since Bouncer catches malicious applications at the time of upload, those apps never make it into the store. So, if Bouncer is catching these applications before they make it into the store, the percentage of malicious apps that are already in the store might go down, but that's because a greater number are being caught before they make it into the store. This, of course, is a good thing.

In short, while there's no question that Android malware is a significant problem, I remain unconvinced from this study that 12.7 percent of all Google Play apps were malware of one sort or another. That said, you should still use a high-quality Android anti-virus program and be wary of installing dodgy software.

Related Stories:

Topics: Security, Android, Google, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • RiskIQ, an Internet security company

    And I bet they have have an anti-virus available to solve this problem.................
    • Somebody better have one

      Somebody needs to have made a good Android anti-virus scanner because you're going to need it. Android is the new classic Windows of mobile, complete with all the trouble and malware Linux users used to bash Windows over. The irony is striking! :-)
      • Sure ... after all

        ...we've all seen those hundreds of posts from people who have been infected on Android, just like we've seen for windows.

        Uh huh.
        • What's really funny (and enlightening) about the article

          is Steven's recommendation at the end of his piece:

          "you should still use a high-quality Android anti-virus program and be wary of installing dodgy software".

          He even provides an embedded link in the recommendation to help Android users select "a high-quality Android anti-virus program" for their device(s).

          P.S. IMO, Android's update/upgrade process (or lack, thereof) poses the greatest threat to the platform. To wit:


          A remote code execution vulnerability in the Android browser was disclosed in December, 2012, and remains unpatched in approximately 70% of Android devices currently in circulation, including new devices bought off-the-shelf. Note that there now exists a Metasploit exploit module for this vulnerability. Me? I'd install Firefox for Android or Opera ASAP if I wasn't running Android version 4.2.1 or later.

          Best of all? Metasploit used this exploit to get code execution on Google Glass.
          Rabid Howler Monkey
    • Yes they do

      Click the above link get; RiskIQ for Mobile
      “Just send your list of mobile apps to us to start the process of discovery and monitoring.”

      Next step, Contact sales.
    • FUD

      12% of apps in Google Play are malware.
      Show me malware in Google Play that survives for more than 48 hours. I DARE YOU.
      They simply don't survive, Google deletes them within minutes of being reported if they managed to get pass Bouncer. If this FUDware company is detecting malware that is persistent in the playstore, it means that they are either not reporting genuine persistent malware or the apps are not malware and has passed Google inspection after being reported.
      Either way, this RiskIQ FUDware corp is in the bad books.
  • The day something happens that would require me to have anti virus

    will be the day that consider getting an iPhone. I'm just saying - I am an android fan, and I generally only install top name apps, that have lots of downloads, high ratings and developer comments about why each requested permission is required.
    But finally getting a malicous app from the play store would do it. I'm skeptical about the claims but we'll see what happens over time. All it takes is for google to inspect the apps a little better like apple.
  • Big mess!!!!

    I thought while reading first para, might be went up from 0.1 to 0.3 or some thing like that. but close to 13% of apps are malicious in Google play.

    I rather choose a apple or microsoft for mobile and tablet.
    • yeah! those windows pro tablets are sooo much securer

      compared to android and that security mess!
      Except one thing sort of bothers me. Almost every day I see these stories about all versions of windows and internet explorer and "zero-day" bugs "actively being exploited" or "pwned" or something? And how they get "hijacked" with "ransomware" that encrypts your files and threatens to reveal all the porn sites you've visited to all your contacts just by going to a web site. I don't understand all this tech mumbo-jumbo.
      Thanks to you guys' advice, I've recently sold my insecure android tablet and got a surface pro, so I hope you guys have steered me in the right direction of better security.
  • How do you tell this malware apart....

    ...from what Google already bakes into Android?
    • yeah, right on. Evil google. Not going to use their stuff anytime soon.

      Oh, and how about those back doors I heard the NSA puts into iOS and windows. Taking advantage of the fact that no one can see their secret proprietary source code. Makes you wonder what they have to hide, you know? Sort of like when the NSA was caught paying RSA 10Miil to weaken their encryption algorithm. Man, can't trust anybody these days.
      • Conjecture vs. proof

        Network analysis already shows that Google's platforms (Android, Chrome, Chrome OS, even the outdated Google Desktop) takes user data and uploads it to Google-owned IP addresses - ALL THE TIME! The rest is just conjecture made from 1 reporter whom is in bed with Edward Snowden, and yet none of the documents that Edward Snowden claims to have had in his possession have been openly released to the public. It is all just being reported as second-hand information with no real proof.
  • Android can't be safe

    Its open source nature is an invitation to attack. It takes half an hour for an application to be submitted to Google PlayStore and it takes from 9 hours to 2 weeks for an app to get 'Ready for sale' status in the AppStore. At this state of things the Android platform can't be considered secure and safe.
    Maria Davidenko
    • I don't think you understand what is meant by open source

      Note windows is quite insecure (due to security bugs in the code) but is as closed and proprietary as it comes. Any malicious apps in the play store has nothing to do with open source, but how closely google and bouncer scrutinize the app submissions for apps that take advantage of the user granted permissions. You are confusing the relative freedom of the android store with open source.
      • Open Sauce

        Means they left the cap off the bottle and it's an open invitation for germs.
        • well, you may be proud of your clever analogy

          But no it doesn't mean that. If you want to have an intelligent discussion, let me know.
          • Ease up

            I was just mocking the ignorant post regarding open source security.
            You and I know that proprietary secret recipes of herbs and spices is methodically more vulnerable than open source.
    • Android Can Be Safe

      It's obvious you have little or no hands on experience, and I fear not much understanding either. Or you wouldn't be saying, 'Its open source nature is an invitation to attack.', at all.
      I keep making similar remarks about the Scaremonger Articles where the numbers in this particular case, as SJVN has pointed out, don't even add up. Every one of the Scaremonger Articles has an AV to sell, o just BTW.
      In the wild, where the vast majority of us live and work, if Android users observe a few basic safe practices, as I have for years, they'll do well with Android.
      • Android can never be safe

        ....because the development model is based on Java.
        • Wow. I mean just Wow!

          No comment necessary!