SophosLabs has released a malware forecast to coincide with the start of RSA Conference 2017.
Typically, our research papers focus on Windows, which has traditionally been the largest battleground. While some of the report does indeed look at Microsoft-specific challenges, we decided to focus more on the increasing malware threats directed at platforms where the risks are often not as well understood, specifically Linux, MacOS and Android devices.
The online game of the moment is Pokémon GO, a mobile phone app that became so popular so quickly that its availability was limited outside the USA in order to stop the game servers being overloaded.
But what about everyone outside the US who wants to join in the fun?
On iOS, there’s not a lot you can do to install apps from alternative markets, because Apple only officially supports the App Store for downloads.
On Android, however, there’s an option called “Allow apps from untrusted sources” that opens up your phone to software from anywhere, not just Google Play.
So, millions of people all over the world are deliberately lowering their Android security settings to pirate Pokémon GO from unofficial download sites.
Is it safe to do this?
After all, millions of people have already pirated the app, apparently without anything bad happening, so surely the many millions who follow the crowd will be OK, too?
For the 11th time in a row, Sophos Mobile Security has received a perfect 100% protection score in the May 2016 edition of AV-TEST’s “The best antivirus software for Android” comparison, after successfully detecting all of the 3,300+ samples used.
We also scored 6.0 out of 6.0 for “usability,” which includes both performance and false positives (of which we had none). You can read the full test results here.
In my job at SophosLabs, where I’m in charge of working with the independent testers who examine and rate our security products, I deal with a lot of statistics. Here are a few numbers that make me especially proud of the work we do.
Out of roughly 25 Android security applications tested throughout 2015 by AV-Test, only one achieved a perfect 100% protection score for the whole year, across six tests in all – Sophos Mobile Security.
In recognition of our perfect protection scores, AV-Test has given us its Best Protection Award for Android Security at the 2015 AV-Test Awards.
It’s quite an accomplishment when you consider how many malicious Android apps we were asked to protect against – a total of 29,030 samples for the year, all of which we detected and blocked.
People are always looking to save time and money, and hopefully both, with technology. Businesses and consumers love smartphones and computers because they are massively multi-functional, super-fast and efficient. We’ve been doing this for a long time – the spork, that funny looking multi-purpose utensil, dates back to 1874!
More recently, mobile application developers have used cross-platform development tools to increase efficiency in churning out apps that work in all three of the major mobile operating systems – Android, iOS and Windows.
Malware authors are no different. At SophosLabs, we have seen an increase in malicious apps written with cross-platform development tools such as PhoneGap, Titanium, Unity, Xamarin and Cocos2d.
Android has developed a bit of a reputation for poor security, especially compared to Apple iOS, thanks to numerous vulnerabilities like the recent Stagefright and the explosion of Android malware in recent years.
Google has certainly taken steps to address some of the inherent weaknesses in the Android platform, with Android 5.0 (Lollipop) adding features that merit closer inspection – as SophosLabs researchers Rowland Yu and William Lee have done in an excellent paper they presented at the recent Virus Bulletin International Conference.
Their paper – titled “Will Android Trojan, Worm or Rootkit Survive in SEAndroid and Containerization?” – examines these new security features in Android 5.0, and what they mean for data security in corporate devices.
If you’re an avid Android user like me (and over a billion other people on the planet), you’re probably at least a little bit aware that Google’s crazy-popular mobile OS comes with some security drawbacks.
For one, the ability to install apps from third-party app markets makes Android more vulnerable to malware than iOS – Apple devices can only get approved and vetted apps from the App Store.
Unlike your iPhone-toting friends, however, you can use an antivirus to protect your Android (Apple won’t allow iOS antivirus apps in its Store). Even better, you can get the best Android security app from Sophos, and it’s completely free.