Play Store identified as primary distribution vehicle for most Android malware

by



[ad_1]

Google play store

Image: Google, ZDNet

The official Google Play Store was identified as the primary source of malware installations on Android devices in a recent academic study – considered the largest of its kind to date.

Using telemetry data provided by NortonLifeLock (formerly Symantec), researchers analyzed the origin of app installs on more than 12 million Android devices during a four-month period between June and September 2019.

In total, the researchers looked at over 34 million APK (Android app) installs for 7.9 million unique apps.

Researchers said that based on the different classifications of Android malware, between 10% and 24% of apps scanned could be described as malicious or unwanted.

But the researchers focused specifically on the “who installs who relationships between installers and child apps” to uncover the path malicious apps take to reach user devices.

The research team said they looked at 12 main categories that lead to app installs, including:

  1. Apps installed from the official Play Store
  2. Applications installed from alternative markets (aka third party app stores),
  3. Applications downloaded through web browsers
  4. Applications installed through commercial PPI (pay-per-install) programs
  5. Applications installed through backup and restore operations
  6. Apps installed from instant message (IM)
  7. Apps installed through phone theme stores
  8. Installed application loaded to disk and installed via local file manager
  9. Apps installed from file sharing apps
  10. Applications preloaded on the device (bloatware)
  11. Applications installed through mobile device management (MDM) servers (applications installed by companies on their employees’ devices)
  12. Applications installed through package installers

The results showed that approximately 67% of malicious app installations identified researchers came from the Google Play Store.

In a distant second, with 10%, came alternative markets, dispelling the fairly common assumption that most Android malware these days comes from third-party app stores.

play-store-research-results.png

Image: Kotzias et al.

The research, titled “How did this get into my phone? Distributing unwanted apps to Android devices, “is available for download in PDF format and was written by researchers at NortonLifeLock and the IMDEA Software Institute in Madrid, Spain.

A Google spokesperson did not return a request for comment sent almost three weeks ago.

[ad_2]

Source link