Juniper Networks posted a report on their blog Tuesday, claiming that the Android platform has seen an exponential growth in malware samples in the last couple months. Android malware has increased an astounding 472 percent since July 2011, not even half a year ago.
In Juniper's annual Malicious Mobile Threats Report from May 2011, they found that Android malware had at that time grown 400 percent since summer of 2010. More recently, Juniper Global Threat Center noticed a 110 percent increase in malware sample collection from October over the previous month, which was a 171 percent increase from what had been collected up to July of this year.
Not only did Juniper record an increase in the volume of Android malware available, they also saw more sophisticated methods used in the malware itself. Juniper's report says they began seeing Android malware capable of gaining root access on the device, which could then be used to install additional packages in the background that would extend the functionality of the malware. This is now a common behavior for almost every piece of malware, because according to Juniper, this vulnerability is prevalent in almost 90 percent of Android devices.
Juniper's report lays the blame for this overabundance of malware on Google's review process. "These days, it seems all you need is a developer account, that is relatively easy to anonymize, pay $25 and you can post your applications," Juniper's blog post said.
Juniper's blog post also tackles the question of whether or not Apple's iOS platform is more secure than Android. They claim that while iOS might be more secure than Android, it's not necessarily because of better security or less vulnerabilities, but mainly because of the difference in approaches to monitoring the companies' respective application marketplaces. The open nature of the Android marketplace means that it doesn't have code signing and the sometimes-criticized review process that Apple requires. In this case the lack of these things appears to be a downside, as this is what makes it so easy for attackers to distribute malware on Android. "Until there comes a time that someone figures out a tried and true way to get malicious applications into the App Store, Android will remain the target of mobile malware writers around the world," Juniper's blog post said.
The full report contains more technical details and a simpler infographic that displays their findings.