Android still triggers the most mobile malware, says F-Secure

Android dominates the mobile landscape not just in market share but in malware, according to new data from F-Secure.

Analyzing malware discovered during the first quarter of the year, F-Secure found that Android was targeted by 275 out of 277 "threat families." In contrast, iOS and Symbian each accounted for one a piece, according to F-Secure's "Q1 2014 Mobile Threat Report." And what exactly is a threat family?

In its hunt for malware, F-Secure analyzes samples of apps from app stores, developer forums, and other online locations. Any app infected by malware is placed into a family based on common code and behavior. A full 91 percent of all the families and threats uncovered are identified as malware. The rest are classified as unwanted apps that may pose a risk if misused.

The top 10 Android malware families accounted for 76 percent of all the threats seen last quarter, F-Secure said. And among all the apps collected and analyzed, almost 14 percent were malicious Android apps. Most of the malware samples discovered were Trojans, which attempt to surreptitiously send text messages, steal data, or download more apps onto the device.

F-Secure's latest Mobile Threat Report is based on app samples collected from January through March 2014 and then scanned and analyzed for potential malware. So how worried should Android users be over the threat of mobile malware? That issue has been an ongoing debate between Google and Android security vendors.

In the past, Google has charged that Android security providers exaggerate the threat of malware in order to hawk their own products. The security vendors have countered that argument by saying that Android's very popularity has made it an open target for cybercriminals.

Either way, the threat should not be taken lightly. Despite Google's efforts to better scan for and catch malware, malicious apps do continue to seep into the Google Play store. Just last week, researchers found malware in the form of wallpaper apps that tried to turn devices into bitcoin miners. Google was forced to remove five such malicious apps.

To better protect yourself against mobile malware, F-Secure offers six suggestions in its report:

• Lock your device. Make sure no one gains physical access to your device.
• Use anti-theft protection. You can use a tool like Android Device Manager to remotely lock or erase a lost or stolen device.
• Set up message barring. Android 4.2 introduced a feature that warns you of potential "premium rate" text messages. You can also ask your carrier to block premium-rate calls or messages.
• Download only from trusted sources. Avoid downloading apps from unknown third-party stores.
• Scrutinize permission requests. Check the permissions granted to each installed app.
• Scan downloaded apps. Use security software to scan each app before you install it.