BT backpedals on claims almost every Android device has malware

British Telecom has backpedaled on claims that one third of Android apps are compromised with some form of active or dormant malware, and that almost every Android device is infected. The company has refused to publicly reveal its research.
Written by Emil Protalinski, Contributor

Late last week, I wrote about some eyebrow-raising statements made by a British Telecom (BT) security expert at NetEvents Americas. Now, BT has backpedaled on the claims. To refresh your memory, here's what Jill Knesek, head of the global security practice at BT, said:

We analyzed more than 1,000 Android applications and found a third compromised with some form of active or dormant malware. Almost every device is compromised with some kind of malware, although often it's not clear if that code is active or what it is doing.

I noted how very skeptical I was of these assertions, even though the Android malware issue has been growing rather quickly (last month was particularly bad). Here's what I said: "I'm not sure which 1,000 Android apps BT chose to use in its analysis, but I doubt they were randomly picked. I find it very hard to believe that one third of Android apps contain malware and that almost every device has one of said apps installed."

Some readers pointed out in the comments that BT might be referring to adware, which by definition is any software that automatically displays advertisements. In some cases, adware can also be classified as spyware, a type of malware which steals user information. Given the number of free Android apps supported by ads, this was the most likely explanation. Still, I found the numbers mind-boggling and kept pushing BT for comment, but since it was the weekend, I didn't hear back till Monday (today).

Here's the statement BT finally supplied me with:

During a panel discussion at a Net Events conference in Florida last week, a BT employee voiced opinions on malware risks within apps distributed to users of Android-based devices. Those opinions were reflective of information available from public studies. The BT employee also mentioned in passing the existence of some testing done by BT on Android devices. BT has indeed done some testing on both Android and Apple OS environments, but not necessarily on the scale reported by media articles in the last couple of days. BT has not released that information and does not intend to elaborate further on that topic at the moment.

The fact that BT is not interested in releasing its study publicly makes me further wonder what's going on here. I have asked BT where I can find the public studies it mentioned. I'll update you if and when I hear back.

Update at 12:00 PM PST: I was given five links, none of which seem to prove BT's statements. Here they are: Lookout, Juniper, Digital Trends, F-Secure, and Securelist.

The first of these was supposed to include the numbers being cited, but it didn't. A BT spokesperson told me the following:

The below research numbers were from the Lookout Mobile Genome Project data from Feb. 2011: https://www.mylookout.com/appgenome

Recent Research Revealed:

  • 29% of free Android apps are potentially malicious
  • 33% of free iPhone apps are potentially malicious

"potentially malicious" refers to the application implementing behavior that is presumed to provide some sort of functionality, but could be used maliciously, such as to track people.

The problem is that this wasn't in the report. In fact, malware was only mentioned once, and "potentially malicious" wasn't mentioned at all. The report did say, however, that:

  • The Apple App Store has a higher prevalence of apps with the capability to access contacts and location than the Android Market.
  • 28% of all apps in the Android Market and 34% of all free apps in the Apple App Store have the capability to access location.
  • 7.5% of Android Market apps and 11% of Apple App Store apps have the capability to access users' contacts.

I've pointed this out to BT and will update you if I hear back.
