Beware of Mobile App Malware

Malicious attacks within mobile apps are very possible, and much more common than we might think. Yet, security testing is often overlooked. So how many of our mobile apps actually contain security vulnerabilities?

According to a recent finding, hiding within our Android smartphone or tablet devices are massive amounts of app-based malware. The British Telecom recently did a study that showed that almost all Android devices are infected. As covered by Rick Merritt of EETimes:

“‘We analyzed more than 1,000 Android applications and found a third compromised with some form of active or dormant malware,’ said Jill Knesek, head of the global security practice at BT. ‘Almost every device is compromised with some kind of malware, although often it’s not clear if that code is active or what it is doing,’ she said in a panel discussion at the NetEvents Americas conference here.

Wayne Rash, a technology journalist moderating the panel, said he was reviewing a Samsung Galaxy S3 handset and found malware in an Android applications provided by Google. ‘This is a device considered by some people to be the best smartphone on the market right now,’ Rash said.

‘There’s plenty of anti-malware software available for Android and other mobile operating systems, but companies don’t often insist on using it,’ Rash added.”

Numbers aside, mobile app malware is definitely increasing in-the-wild. Anti-virus software is great, but more importantly developers need to security test their applications regularly. Because security threats are always changing- testing is not a one time deal. With thorough testing, development teams should be able to identify and resolve any risks or vulnerabilities.

Since these findings only account for Android apps, the British Telecom says it will be testing other operating systems for malware in the coming months.

Let’s hear from security testers; do you think the British Telecom’s findings are accurate? Let us know in the comments section.


Leave a Reply

Your email address will not be published. Required fields are marked *