Cyber attacks on Android devices on the rise

11/07/2018
G DATA Blog

The total count of mobile malware rises about 40 percent in 2018. G DATA Analysts have identified around 3,2 million malicious apps by the end of the third quarter of 2018.

G DATA analysts counted around 3.2 million new malware apps up to the end of the third quarter of 2018. This represents an increase of over 40 percent compared to the same period last year (Q3 2017: 2,258,387 malware samples). Cyber criminals are increasingly focusing on mobile devices, especially those with Android operating systems. The reason: eight out of ten people worldwide use a smartphone with the popular OS, because these are often cheap to buy. This makes it all the more important to use a security app.

Almost 12,000 new Android malware instances every day

The year 2018 is expected to end with a new negative record. By the end of the third quarter alone, G DATA analysts had discovered almost 3.2 million new Android malware samples. This means that the researchers counted around 11,700 new malware samples per day for the popular operation system. This is an increase of over 40 percent compared to the same period last year (2,258,387). The total number for 2016 has almost been reached up to this point alone. The threat level for Android has reached a new high. But the threat is not only from malware - missing updates for smartphones continue to be a danger.

Is Android unsafe now?

One question suggests itself of course in the light of these figures: is Android generally unsafe? This is not at all easy to answer. It is worth taking a look at market shares first. Around 80 per cent of smartphone users worldwide have a device that uses an Android operating system. Of course, the high distribution rate has a direct connection with the purchase price for a smartphone. Good Android devices can be obtained at relatively low prices.

However, Android is still struggling with out-of-date devices. Google has started addressing this issue back in 2017. Under Project Treble, the company integrated an option in Android 8 and above that enabled fast update distribution. We reported extensively on this in the G DATA Security Blog at the time. There is a catch, however: Android 8 is only installed on only about one in five devices - over a year after it was released in August 2017. The current Version 9 (Pie) still has a distribution rate of less than 0.1 percent.

Distributing security updates in good time

The key to better protection of smartphones and tablets lies in the timely distribution of the latest security updates. Security researchers point out that device providers, too, are required to maintain higher standards.

According to a report by technology portal The Verge,, since this summer Google has been contractually obliging manufacturers of popular Android smartphones to provide security updates for at least two years. According to the terms, mobile phones must receive at least four Google security updates in the first year. They must still receive updates regularly in year two. By the end of each month devices must be protected against every vulnerability that was discovered more than 90 days before. However, this contractual regulation has several limitations. It only applies to smartphones that have been activated by at least 100,000 users. In addition, the contract only applies to devices that came onto the market after 31 January 2018. Large parts of this regulation were supposed to have been implemented by July 31 this year, but there is a grace period until 31 January 2019.

There is an urgent backlog in the Linux kernel area. According to Greg Kroah-Hartman of the Linux Foundation, there are hardly any Android smartphones which make use of the latest Linux kernel. An up-to-date system has only been found on Google’s internally developed “Pixel” line of mobile devices, he says. All Android smartphones except the Pixel devices are basically vulnerable to attack, he adds. This is because all changes to open source software are posted publicly and attackers would only need to check where the kernel developers have patched vulnerabilities.

Android spyware creates uncertainty

The current coverage regarding spyware for Android smartphones is another thing causing uncertainty. The malware can copy a host of private data from a smartphone and read WhatsApp chats. G DATA Internet Security for Android recognises the threat under the name Android.Trojan-Spy.Buhsam.A. Smartphones especially hold a wide range of important private data on a device. The example shows that the use of a security solution on a mobile device provides protection against threats.

Virus Bulletin: Google takes IT security for Android seriously

The danger from malware is now an important subject for Google as well. Experts in the IT security industry meet every year at the Virus Bulletin trade conference. This year, Google researchers there gave two talks on the subject of Android malware apps. In her talk, the analyst Maddie Stone presented a highly sophisticated malware strain that goes to unusually great lengths in order not to be found by automated systems.

In the second Google talk, security expert Łukasz Siewierski spoke about a campaign involving pre-installed malware on Android smartphones. According to his analyses, the malware is installed during the actual development stage. G DATA reported on a similar subject in the 2015 Virus Bulletin and, first of all, here in the Security Blog in 2014.

Highest marks for the ninth time in a row at AV-TEST

G DATA Internet Security for Android achieved full marks in the latest comparison test by AV-TEST. For the sixth time in a row, the smart security app detected 100 percent of all malware and achieved the highest marks for no less than the ninth time in a row.

AV-TEST examined a total of 20 security products for Android this time. All of the security solutions had to demonstrate their capabilities using all of their functionality and protection levels. G DATA Internet Security for Android impressed in every category and achieved a 100 percent detection rate. Hence, as a German IT security provider, G DATA was awarded the coveted AV-TEST certification.