Some 343 new Android malware samples every hour in 2017

02/20/2018
G DATA Blog

The threat situation has continued to be high in the past year, with over 3 million new Android malware samples discovered. 744,065 of these were discovered in the fourth quarter of 2017. This means that G DATA analysts are counting an average of 8,225 new malware samples for the Android operating system every day. Despite a slight drop in the total annual increase compared to the previous year, (3,246,284), there is no relief in sight. With the latest Android version, Google is trying to make updates available to all users faster that used to be the case so far. Current cases such as the “Meltdown” and “Spectre” attacks have shown the rethink to be justified. What is behind Project Treble?

2017: 700,000 malicious apps on Google Play

In the past year alone, Google and AV providers discovered over 700,000 apps that violate the guidelines of the Play store. This constitutes an increase of 70 percent compared to 2016. Among the malicious apps were copycats - apps with unacceptable content and malware which pose as legitimate apps.

The statistic shows that malware apps can creep into the store despite Google’s numerous security features. Users should therefore make sure they install a security app on their device. This can detect applications with malicious functions in good time. The security app should include a virus scanner that checks the Android device and all apps for Trojans, viruses and other malware.

Android still the dominant operating system

Over 68 percent of all smartphones in Europe had an Android operating system installed in the fourth quarter. Globally, some 73 percent of smartphone users have Android (source: Statcounter). However: only about 1 percent of all Android users have the latest version, Android 8. Over half are using Android 6 and 7 (“Marshmallow” / “Nougat”), and a quarter are still on version 5 (“Lollipop”) (Source: Android).

Treble: Light at last at the end of the Android update tunnel?

Android updates are a very tiresome subject - not only from the average user’s stand point. Security holes are being detected with increasing frequency and at ever shorter intervals. Smartphones are in a particularly exposed position here. With the release of Android 8.0 (Oreo), Google introduced Project Treble. With this, Android developers are pursuing the goal of distributing updates to users faster and more sustainably. This means that Pixel and Nexus models will no longer be the only ones to receive updates swiftly.

How were things in the past?

To date, it has taken five steps to roll out an update. The Android team publishes the open source code, so the processor providers can adapt the new release to their specific hardware. Consequently, the smartphone providers are actively in control of which customisation preferences are built into the software. The network operators, who also sell mobile devices to their customers, also take the software and add their own modifications. Only then can an update finally be released. Frequently, these concatenated processes take a very long time, so users do not receive the updates until months after they were released by the Android team.

Security incidents require a rethink

Android is the clear forerunner among experts when it comes to security holes. Developers and researchers alone discovered 841 vulnerabilities among the various versions of the Google operating system in 2017. However, this leading position is explained by the fact that Android is an open source project, and therefore plenty of people have the opportunity of working on it and researching it. However, the problem is not only vulnerabilities in the software, but specifically holes in the hardware. Meltdown and Spectre, the serious security holes in processors, which are also present in mobile devices, have again demonstrated how important a speedy security process is so that users receive new updates quickly. This is because the majority of cyber attacks exploit security holes that are already known.

Project Treble simplifies processes

With Treble, Google has changed the process and provided a so-called vendor interface. This establishes an interface between the Android OS framework and the provider’s modifications. This means that all relevant hardware-specific information, such as the drivers for the chipset, is readily available. This means that smartphone manufacturers can deliver Android updates quickly, without having to customize them to their own requirements first. Users would finally be in a position to receive updates in good time, without having to worry about a long waiting period. Cheap smartphones in particular often do not receive any updates for protection against security holes at all, as they are frequently already obsolete in terms of the software used during production.

Providers free to integrate Project Treble

In recent years, users have often had to face the dilemma of not knowing whether or not the smartphone provider for their device will continue to provide updates.

Project Treble is basically available on any smartphone supplied ex works with Android 8. However, a retrospective update to Android 8 is no guarantee of participation in Project Treble, as Google is leaving it to the discretion of the providers as to whether they provide the function in the event of an update. Therefore, when purchasing a new smartphone with an Android operating system, users should check that Project Treble or Android version 8 or higher is on it. This will ensure that the device receives updates swiftly in the event of security holes such as Spectre.