Antivirus vendor McAfee's latest quarterly threat report singles out Android, yet again, as the established favorite of cybercriminals targeting mobile platforms.
In November 2011, the company issued a quarterly report saying essentially the same thing -- mobile malware was increasing, with Android the favorite target. It did so again this past February, and then again in June.
Reactions within the security community have ranged from sardonic to serious. In the view of some security experts, this is not news. It is scare-marketing, designed to sell more antivirus products to panicked mobile users.
There is no need, they say, for a study to tell people what they already know -- that the most popular mobile operating system is going to be the most popular target of the bad guys.
In March, a reader going by the alias "fotoflojoe" posted in response to McAfee and other reports on malware attacks on Android: "In other news, water is wet and the sky is blue."
Last November, the focus on Android prompted a ferocious response from Chris DiBona, Google's open-source programs manager, who said the reports exaggerated mobile malware and that mobile operating systems such as Android, iOS, and BlackBerry don't need antivirus software.
"Virus companies are playing on your fears to try to sell you BS protection software for Android, RIM, and iOS," DiBona said. "They are charlatans and scammers. If you work for a company selling virus protection for [them], you should be ashamed of yourself."
But there are others who say McAfee's reports are providing a valuable service, because they go well beyond an amorphous, "things-are-bad-and-getting-worse" declaration, into detail about how much worse and in what ways.
They are also valuable because too many users apparently don't know it -- they still haven't gotten the message that mobile devices need just as much protection as PCs, since they are fully connected to all the benefits, and therefore the dangers, of the Internet.
Network World reported this week that exploits that are no longer effective on PCs are being successfully used to target smartphones, in part because of a low rate of anti-malware protections.
That is not necessarily the fault of an open-source platform like Android. "Carriers rarely provide updates to smartphones that fix vulnerabilities. Over 75% of the Android smartphones are running version 2.3X (released Dec. 6, 2010) or earlier versions," the report said. "As a result, vulnerabilities that have been repaired have not been released and downloaded to older smartphones by a software management system like those used to update PCs with the latest security patches."
The McAfee report said that not only has mobile malware grown -- it detected 1.5 new malware samples during the quarter -- but it has also expanded into new types of attacks, including drive-by downloads, the use of Twitter for control of mobile botnets, and ransomware. McAfee's database of dangerous programs grew to more than 90 million, and is expected to top 100 million by next quarter.