Inside Android’s Mobile Malware Fail

Unfortunately for Android, the mobile operating system that is an apparent magnet for malware, the new application verification service introduced with Google’s Android version 4.2 falls short at detecting the malware it is supposed to keep off our devices.

Based on the findings of a new study conducted by Xuxian Jiang, an associate professor of computer science at North Carolina State University, Google’s “application verification service” only detects 15.32 percent of known malware.

“By introducing this new app verification service in Android 4.2,” Jiang writes, “Google has shown its commitment to continuously improve security on Android. However, based on our evaluation results, we feel this service is still nascent and there exists room for improvement.”

“Specifically, our study indicates that the app verification service mainly uses an app’s SHA1 value and the package name to determine whether it is dangerous or potentially dangerous. This mechanism is fragile and can be easily bypassed. It is already known that attackers can change with ease the checksums of existing malware (e.g., by repackaging or mutating it).”

To be more effective, Jiang proposes, additional information about the app may need to be collected. “However,” he adds, “how to determine the extra information for collection is still largely unknown — especially given user privacy concerns.”

Industry estimates suggest that roughly 85% of all mobile malware attacks since 2011 took place on Android smartphones. All told, malware breaches have exploded by at least 700% in the past twelve months. As a result, key players in the Android ecosystem are doing their best to help curb this unfortunate phenomenon.

As MMW reported in November, Airpush – the second largest mobile ad network for Android – just partnered with Appthority, a leading and highly respected expert force in mobile app security, to eliminate the threat of mobile malware from the Airpush network.

“Mobile malware has been a thorn in the side of the thriving app ecosystem,” said Kevin Watkins, CTO and co-founder of Appthority. “We are proud to assist Airpush with the technology that improves the state of security across the app world. Airpush is being proactive by attacking the malware problem at its source distribution and that demonstrates their commitment to protecting their customers.”

Clearly, the time has now come for others to become equally proactive and put forward polished, effective solutions to mitigate the threat of mobile malware before it begins to restrict the industry’s overall growth – a reality that some mobile experts predict will be inevitable if malware is allowed to get out of hand.