Skip to main content

Should you worry about malware on your phone? We asked the experts

RSA Conference
Charles Lever speaking at the 2015 RSA Conference. RSA Conference
At this year’s RSA conference, Charles Lever, a researcher from Damballa delivered a talk in which he claimed that mobile malware in the U.S. has been overstated and overhyped. According to him, you have a greater chance of being hit by lightning than getting mobile malware. Lever explained that of the more than 150 million smartphones in the U.S. it tracked, only 9,688 had been exposed to malware.

The low rate of infections, he says, is due to the use and prevalence of the two biggest app stores, Google Play Store and Apple’s App Store, which send apps through a certain level of security checks before listing an app for downloading. However, if you venture outside these legitimate app stores, you’re inviting trouble.

Representatives from security services like Avast and Lookout disagree with Lever, claiming that the mobile world isn’t as safe as he makes it out to be. So, who is right and who is wrong, and how concerned should you be, as a user? We spoke with all parties to find out.

Still early days for mobile malware

The extent of mobile malware is still not widely understood. “This research shows that mobile malware in the U.S. is very much like Ebola,” Lever told the conference. “Harmful, but greatly over-exaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection.”

“As long as there are users and mobile users are growing every year, there always will be malware.”

An early April report from Verizon made some similar remarks, stating that while mobile malware is dangerous, it will not be the cause of a massive cybersecurity incident, like the one Sony suffered. “Data breaches involving mobile devices should not be in any top-whatever list,” the authors said.

There are other factors that affect the security of mobile devices beyond malware.

“Malware is only one part of the mobile security story. Many of these recent reports are only taking into consideration commodity malware, and not targeted attacks, which are arguably the most concerning threats,” says Aaron Cockerill, VP of Products at Lookout.

However, there are many who stress that mobile malware is a real concern that users should be aware of. Michal Salat, threat intelligence analyst at Avast, says that it’s important not to downplay mobile malware. “As long as there are users and mobile users are growing every year, there always will be malware,” he says. “It’s the same with PC, as PC grew and the amount applications grew, the amount of malware grew.”

rsa 2015
RSA Conference

Salat says he agrees that users should stick with using official app stores, because they are “fairly secure,” but there can still be malware found in these stores. The only way to ensure the store is 100-percent free of malware is to employ individuals who check each app that comes through, which is impractical, he says.

The numbers examined by Lever, says Salat, give a kind of narrow view. “It’s kind of a small point of view they are speaking about in the presentation, because they were only talking about the malware that communicates with the author in any way,” says Salat. “There is a significant amount of malware that never connects back to the author. The best example would be pay-per-click malware.”

Threats still appear in the app stores

In their own work, Salat and the team at Avast have come across a few notable examples of mobile malware rearing its ugly head in the Play Store. They discovered the card game app, Durak, a piece of adware that would eventually show a fake warning message, that if followed through on, would allow the adware to scoop up data from your smartphone. “By [Google’s] own metrics, it affected about five to 10 million users,” says Salat.

“We detected it over several different detections at a time. It was on the app store for quite a lot of time and infected a lot of people,” he says. This one example from Salat counters many of the figures presented by Lever in his presentation downplaying the dangers of mobile malware.

“I don’t want to question [Damballa’s] numbers, don’t get me wrong, they’re probably true, but they’re taken from a really small part of the market,” he adds.

Durak-game-GP
Image used with permission by copyright holder

“What I really don’t like about the report is the final statement that it’s way more probable that you will get hit by lightning than encounter malware,” Salat says, explaining that the weather figures represent your chances of being struck by lightning across your lifetime. “The percentage that says how possible you are to get infect [by malware] was taken over a year,” Salat explains, “so there is a huge difference.”

North America is not the danger zone

While U.S. users aren’t having as many problems, regions outside North America are becoming hotbeds of mobile malware, as threats have become more global, particularly in Eastern Europe and Asia.

“[Cyber criminals] are basically repurposing really common PC variants of financial services Trojans, like SpyEye and Zeus, and are repurposing and refactoring those to run on mobile devices,” says Gary Davis, chief consumer security evangelist at Intel Security.

According to Davis, there are many reasons why other regions have been more susceptible to attack, namely users in those areas tend to own phones running older operating systems. “I think that’s where a lot of attacks are originating,” Davis says.

China is another example of a fertile ground for malware. The Google Play Store isn’t supported in China, even though there are a high number of Android users in the country. Because the app stores aren’t as universal, the country has a higher number of malware infections compared to the United States.

gary davis
Gary Davis Image used with permission by copyright holder

Davis says that this year alone there will be some notable instances in how malware spreads on mobile. Intel Security predicts that ransomware, or malware that threatens users and asks them to pay money to fix their system, will be targeted more and more toward smartphones rather than PCs. “If you look at how malware writers are creating their wares, it seems to be that’s where they’re going next, and that makes us a little bit nervous,” he says. “Mobile writers in malware are going to start kitting their software, and this is something that goes on quite a bit on the PC side.”

He points out research from a colleague that claims roughly 80 percent of the malware they find is a derivative of something else.

“They’ll take something they can either buy or get through the dark Web and repurpose it and do what they’re going to do,” he says. “We expect that mobile malware writers are going to start kitting up their malware starting this year and make it available on the dark Web, either for free or for sale.”

How to stay safe

There are several tips mobile users can follow to keep their devices free of malware, and many of them are the same as protecting your desktop. Security experts recommend that you keep your operating system updated and install a good anti-virus software, but also, adding PIN protection to your phone in case it’s stolen is always a good idea, as is being extra cautious of public Wi-Fi connections.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
6 surprising reasons you should buy an iPhone instead of Android
iphone 11 pro max vs pixel 4 xl screen

We have heard the same arguments from the Android faithful for so long that they have become accepted wisdom. If you want a cheap phone, you need an Android. If you want to make a phone personally yours, you need Android. If you want the coolest new features, you need Android.

I question these pillars of the pro-Android argument. What if an iPhone actually costs less than an Android? What if customization is also possible on the iPhone? And what if all that Android hardware bragging is just hot air?
The iPhone is a better budget device
You can easily find a great phone on either side for $1,000, but what if you only have $300 to spend, or less? Common wisdom says buy an Android, and big brands like Samsung, Motorola, and LG offer fine phones in that range. At Apple, the cheapest new phone is a $399 iPhone SE.

Read more
Is Mac really more secure than Windows? We asked the experts
Surface Laptop 2 Review

Apple talks a big game when it comes to security. Its stance on user privacy has been one of the dominant themes of Apple's marketing, especially in the past few years. In a world awash with data leaks and cybercriminals, that’s reassuring.

But when it comes to the Mac and its comparisons against Windows, are the assumptions true? Is MacOS actually better at protecting your privacy? After all, a recent survey found that more Americans trust Microsoft than Apple with their private data, at a rate of 75% to 69%. Could it be correct?

Read more
Does tracking your sleep actually help you sleep better? We asked an expert
Sleep Number It Bed review

Modern life simply isn't conducive to getting a good night's sleep. There's artificial light everywhere, we spend hours glued to screens, and it's not unusual to be checking work emails on your phone at night, last thing before you go to bed. We know that the potential health consequences of not getting enough sleep are severe, ranging from obesity and hypertension, to diabetes and heart disease. There's also the immediate impact on work performance, the risks of drowsy driving, and the higher incidence of accidents to contend with when we're tired.

It's no wonder sleep technology has been on the rise. There's no shortage of gadgets and apps that claim they can offer us a sound night's rest, or help us better understand whether we're getting the recommended full forty winks every night. There's a myriad of sleep tracking options out there, from fitness tracking bands to mats you put under your mattress, and even apps that run on your phone on the nightstand next to you.

Read more