One in every 10 Android apps 'contains malicious code': US-China study
A joint study by computer scientists from the US and mainland China found that one in every ten Android apps contained malicious code.
Using a new algorithm that could detect malware and viruses within apps in less than 10 seconds, the team scanned 1.2 million Android apps on more than 30 major app stores around the world. About a tenth of them contained malicious code.
Over 2,000 of these apps had each been downloaded more than 50,000 times, meaning at least 100 million users were exposed to security risks.
The paper, with Chen Kai of the Chinese Academy of Sciences' State Key Laboratory of Information Security as lead author, has been accepted to the Usenix Security Symposium, an annual gathering of international security experts to be held in Washington DC later this year.
The full content of the study was not disclosed, but a report on the academy’s website said that their new detection method could trace the “origin” of source code in an Android app and analyse its internal structure for suspicious traits.
Scientists were able to discover unknown security threats with unprecedented speed, and the study had generated “huge repercussion” in the mobile software industry, the report said.
It is unclear whether the same algorithm could be applied to iOS apps. The researchers could not immediately be reached for comment.
According to a report by Singaporean security company Pulse Security this week, 97 per cent of mobile malware targeted Android devices.
There are about 1.5 million Android apps and 1.4 million iOS apps currently available to download.
Tang Wei, senior engineer with Chinese security company Rising, said Android users inevitably faced greater security challenges than iOS users because Android is an open environment.
Android is open source, and any company or individual can create and distribute apps, whereas iOS apps must be approved by Apple before they can be downloaded through the iTunes store.
“An Android user must be very careful when downloading an app, must make sure it comes from a trustworthy source, and must verify every rights request before installation,” Tang said.
He said that Android device users in mainland China faced greater risk because they could not access the official Google Play market due to the censorship of Google services by the authorities, and therefore had to download apps from alternative markets.