Around 15 years ago, Apple was engaged in an advertising battle against Microsoft, in which the “cool computer company” poked fun at its competitor’s susceptibility to viruses. Of course, one of the reasons for that weakness, was the sheer size of the Windows mass market compared to Apple’s more limited presence.
Spin forward to today, and the lyrics may have changed, but the song remains the same. Malware on Android devices is stealing millions of dollars from millions of people. And while iPhones are not immune from the problem, the predominance of phones utilize the Android operating system (OS), once again skewing the scale of malware’s impact.
Google’s biggest problem in terms of malware is also a primary Android selling point: flexibility and openness. Because Google allows manufacturers to customize its OS, it expands the likelihood of errors. Additionally, Google permits the use of alternate app stores, opening a channel for bad actors. Likewise, Google gives its users the choice of remaining on older versions of its OS, rendering security updates ineffective.
In recent months, a number of apps from respected developers have been embedded onto Android phones, unknowingly committing data theft, advertising and subscriber fraud in the background. For example, a weather app pre-installed on Alcatel handsets performed ad fraud by loading pages with ads and clicking on them, triggering subscriptions to premium services without user consent. This activity, invisible to end users, was consuming up to 250 MB of data daily. When exposed, Google removed the app from the Play store; however, the fraudulent app remains available from other third-party stores.
Another case involves a highly popular video downloader app called Vidmate, which has more than 500 million downloads globally. This app was acting as a screen for background fraud and, in just a few months, it made 130 million attempts to subscribe users to premium digital services without their consent. Unchecked, 5 million mobile devices across 15 countries would have succumbed to fraud worth $170 million.
Part of the problem is that it’s too easy for malicious apps to get to market – even on the official Play Store. Google’s relaxed validation process only tests apps against “what it says on the tin.” For instance, if a video downloader or a weather app successfully downloads video or provides weather forecasts, the app might not be stringently tested for background activity. This enables bad actors to distribute malicious apps until they are caught and removed. Using this strategy, bad actors simply create a new developer account and reload the app under a different name.
Importantly, it’s not just bad actors who upload malicious apps to the Play Store. Legitimate developers are increasingly finding themselves a conduit for fraud by including tainted third-party software development kits (SDKs). This lack of oversight by developers can damage their personal reputation, as well as hitting their end users’ wallets.
Google is taking steps to mitigate these risks with its Google Play Protect[1] solution, which provides protection at a handset level. Google recently announced an initiative to strengthen its app monitoring processes after admitting that previously it was unable to scale its systems. The company has dubbed the new initiative the App Defense Alliance[2], and together with its partners is seeking to improve the detection and prevention of rogue apps within the Play Store.
But there’s more to the fraudulent activity than might be detectable in the lab. Some of the more sophisticated malicious apps do not initially have those rogue elements in place. Instead, they wait until the app is being used normally by a consumer – even detecting so-called sandbox testing and usage in the laboratory – and then download additional code with the malicious element. Apps behaving like this will still pass the initial tests and find their way into the Play Store.
On top of that, Google’s actions will not address the issue of the third-party app stores. In many emerging markets, some of the popular utility apps – such as those for downloading videos – are only available in third-party stores, which is why it’s important to not just monitor the services that the apps are providing, but rather to look at patterns of behavior on the network itself.
Machine learning algorithms can identify suspicious activity and traffic, making it possible to detect and block the rogue app behavior within the network. Over the past year, doing so has resulted the discovery of 60,000 different Android apps on 5 million different infected devices.
While the fight against malware and fraud is underway, users can do more to help themselves, including:
- Only use services like Play Protect
- Download apps from the official Play store after first carefully checking reviews of the app
- Closely monitor mobile bills for unwanted subscriptions
- Ensure that data usage is accurately reflected, as some malware burns through the data allowance in the background
Operators also can take steps to reduce malware by investing in better network security. Doing so not only protects users, but it helps operators protect their own revenues from fraudsters. When found, rogue apps should be exposed, removed and blacklisted.
Finally, Google can play a significant role in reducing malware by improving transparency and working more closely with the fraud detection industry.
As next-generation 5G networks are built, it’s important to address these issues with renewed energy, as these new networks are more open, powerful and attractive to fraudsters. While new risks undoubtedly will emerge, operators that put strong malware protection in place today will be best placed to protect their own services and revenues, as well as the consumers that utilize their networks.