
Google's Play Store Identified as Main Distribution Vector For Most Android Malware (zdnet.com) 27

The official Google Play Store has been identified as the primary source of malware installs on Android devices in a recent academic study -- considered the largest one of its kind carried out to date. From a report: Using telemetry data provided by NortonLifeLock (formerly Symantec), researchers analyzed the origin of app installations on more than 12 million Android devices for a four-month period between June and September 2019. In total, researchers looked at more than 34 million APK (Android application) installs for 7.9 million unique apps. [...] The results showed that around 67% of the malicious app installs researchers identified came from the Google Play Store. Google did not respond to a request for comment made by ZDNet almost three weeks ago.

    • No?

      Since the downloads rage on, wake me when an Android developer starts giving a shit about impact.

    • Re: (Score:3, Interesting)

      Maybe you should be asking if Google's 30% is worth it. They both charge the same amount - but although Google's is optional (you can run your own independent store - so people can independently download malware), Apple's is not, and Apple appears to put much more value into it for their 30%, especially from a consumer point-of-view. I don't consider myself an Apple fanboi, but today, I pay extra for the iPhone for that Walled Garden, because of the value it has to me as a consumer, in the time I don't wast
  • by Great_Geek ( 237841 ) on Wednesday November 11, 2020 @03:45PM (#60712496)
    Since it is the main channel for all Android apps, of course it will be the main channel for bad apps.

    How could it be otherwise?
    • Since it is the main channel for all Android apps, of course it will be the main channel for bad apps.
      How could it be otherwise?

      I know, right? Did we miss TFA subtitle that says, "Duh" -- or is that buried in the conclusions section somewhere?

    • The point is that the whole concept of the walled garden was to protect people from malware. Clearly, that concept has not had the desired effect, though it still gets a 30% cut of sales for a broken promise.

      • by tlhIngan ( 30335 )

        The point is that the whole concept of the walled garden was to protect people from malware. Clearly, that concept has not had the desired effect, though it still gets a 30% cut of sales for a broken promise.

        Except Google Play was never a walled garden. Or have we gotten to the point where people can't tell iOS from Android?

        Basically, while Apple reviewed apps, Google let everything and anything into the Play Store. This has the expected result where the Play Store ended up with a store full of malware.

        Googl

        • Basically, while Apple reviewed apps, Google let everything and anything into the Play Store.

          This sounds more like Apple propaganda than reality, on both sides. Apple "reviews" apps, but having managed a team that created iOS apps, I know that that "review" is haphazard at best, and serves mainly to prevent app developers from using other payment mechanisms. iOS certainly has less malware than Android, but an analysis of the data does not point to Apple's reviews, but rather, to Apple's closedness. https://www.pandasecurity.com/... [pandasecurity.com].

          Google's reviews are more automated, but their openness is both th

          • by tlhIngan ( 30335 )

            This sounds more like Apple propaganda than reality, on both sides. Apple "reviews" apps, but having managed a team that created iOS apps, I know that that "review" is haphazard at best, and serves mainly to prevent app developers from using other payment mechanisms. iOS certainly has less malware than Android, but an analysis of the data does not point to Apple's reviews, but rather, to Apple's closedness. https://www.pandasecurity.com/ [pandasecurity.com]....

            Google's reviews are more automated, but their openness is both th

            • You make some good points, but I don't understand this statement:

              But I call BS on closedness - because if that was true, Windows would be the most secure OS ever, with Linux being the most exploited.

              In what way is Windows "closed"? Any developer can write code for it, and distribute it without even notifying Microsoft. They can send apps through email if they want to.

              Perhaps it's the definition of "closed." I didn't mean closed as in closed-source, but closed as in closed walled garden. In that respect, Windows and Linux are the same, there is no walled garden. Linux avoids most malware mainly because the user base is simply too small to

    • The main issue, for me at least, is why isn't Google doing a better job of getting rid of the malware in their store?
  • by Kunedog ( 1033226 ) on Wednesday November 11, 2020 @03:49PM (#60712510)
    For what category of Android software is the Play Store not the main "vector?"
    • by slaker ( 53818 )

      I would've guessed that there are probably Chinese or Russian language app stores that might have been more prevalent sources of bad software.

      • by znrt ( 2424692 )

        I would've guessed that there are probably Chinese or Russian language app stores that might have been more prevalent sources of bad software.

        research proves baseless and biased guesses wrong. who would have thunk!

  • by swillden ( 191260 ) <shawn-ds@willden.org> on Wednesday November 11, 2020 @04:22PM (#60712608) Journal

    I wonder where the 12M devices were from. The level and sources of malware differ pretty dramatically around the world. If these were North American or European devices, then the numbers make sense. Most devices in those regions only use the Play store, so even though the amount of malware distributed by the Play store is very small, most of the malware will be from the Play store. Actually, making these numbers at all meaningful requires knowing how many devices used each installation mechanism; without that there's a strong potential for a Base Rate fallacy error.

    Another source of potential bias is that this data clearly comes from devices whose users chose to install NortonLifeLock. In what ways they may differ from the general Android population, I can't say.

  • Breaking news. The primary distribution mechanism for all Android apps is also the primary distribution of malware.

    • The other possible alternative--the one the app stores would like you to believe--is that malware comes from side-loading.

      • by kqs ( 1038910 )

        If I read the table correctly, 0.6% of the software from the playstore was malware. That's compared to 2.4% from pkginstaller (is that sideloading?) So, you have a 4x chance of getting malware if you sideload instead of getting software from the playstore.

        So yeah, when you say that "malware comes from side-loading", I'm gonna have to agree with you.

        • I believe you are reading the table correctly. But it's like saying that antique cars pollute the air 100 times worse than modern cars. This is a true statement. But because antiques are so seldom driven, their contribution to air pollution is minimal overall. If we want to reduce air pollution, it would not make sense to go after antique cars. In the same way, it doesn't make sense to blame side-loading for malware, since the overall contribution to the malware problem is tiny (0.7% vs. 87%, according to t

  • The entities that run the big tech walled gardens actually control the walled gardens!

    Who knew?
  • by Dixie_Flatline ( 5077 ) <vincent.jan.gohNO@SPAMgmail.com> on Wednesday November 11, 2020 @06:09PM (#60713218) Homepage

    Soon Google will make it easier and less restrictive for you to make your own app store, and YOU can be top of the malware heap.

  • And to think at first, I thought having Google Apps blocked was a bad thing.

    Now I find out HMS is the only clean source of Android apps.

  • The obligatory joke was missing, but I guess I'm more shocked that the apparent interest was so small on Slashdot. This will be the 21st comment as the story expires.

  • ...and of course now Norton will be claiming you just absolutely must give them money to protect you from the Android Play store, because correlation always equals causation.

    Here's another analysis for you. More than 98% of all Android infections are caused by users installing software.
