Android vs malware: how to run a secure, open ecosystem

A presentation by Android Security chief Adrian Ludwig at Berlin's Virus Bulletin conference lays out a fascinating picture of the security dynamic in the open Android ecosystem, through which Android users are able to install apps from the official, Google-operated Play Store, as well as from anywhere else they fancy. Ludwig describes a "defense-in-depth" strategy that is based on continuous monitoring of the overall Android world to come up with responses to malicious software. According to Ludwig, only 0.12 percent of Android apps have characteristics that Google thinks of as "potentially harmful" and there are lots of good apps that share these characteristics, so that number doesn't represent the number of infections. There's also a lot of material on the kind of badware they find on mobile handsets, from commercial spyware that looks at users' browser history and location data to snoopware that covertly spies through the camera and mic to fraudware that sends out premium-rate SMSes in the background.

"A walled garden systems approach blocking predators and disease breaks down when rapid growth and evolution creates too much complexity. Android's innovation from inside and outside Google are continuous, making it impossible to create such a walled garden by locking down Android at the device level."

He stated Google's mission in defending against malware in terms more closely akin to the Center for Disease Control (CDC) than the PC security industry.

"The CDC knows that it's not realistic to try to eradicate all disease. Rather, it monitors disease with scientific rigor, providing preventative guidance and effective responses to harmful outbreaks."

The problem Google wants to solve is that most independent security researchers don't have access to a platform such as Google's to measure how many times a malware app has been installed. They are analogous to human disease researchers without a CDC to measure the size of a disease outbreak and coordinate a response. Security researchers are very good at finding and fixing malware, but in the absence of reliable data that indicate how frequently a malware app has been installed, the threat level can become exaggerated. Reports that reach publication are often extremely exaggerated. To emphasize this point, Ludwig revealed in his analysis that some of the most publicized recent malware discoveries are installed in less than one per million installations.


Contrary to what you've heard, Android is almost impenetrable to malware [Steven Max Patterson/Quartz]

(via Hacker News)