Let’s start by defining “malware”. Sometimes incorrectly called a “virus”, malware is a malicious piece of code. There are several kinds, but on the Google Play Store it all starts with a “trojan”, or Trojan horse, which hides inside an app and then activates another malicious mechanism once it is installed on the smartphone. This can be a “dialer”, which will dial premium-rate numbers when your back is turned, “adware”, which will show you advertisements, or malware that automates the theft of bank data (by granting itself access to your text messages to thwart two-factor authentication).
The poor buggers who have cryptocurrency wallets on their smartphones can also be robbed, and that’s not counting the overpriced subscriptions that can be taken out behind your back and charged directly to your SFR, Orange, Free or Bouygues bill. The imagination of the creators of this malware is limitless.
Malware stealing your bank data detected on the Play Store, four applications to be removed urgently https://t.co/qD2dz5ev1O
— Universe Freebox (@UniversFreebox) July 12, 2022
70% market share
But why is the Android system more affected than its rival? The first reason is the proportion of Android devices in the general population: 70% of smartphones in the world run this OS. That’s why, when malware is detected on the Play Store, the numbers seem crazy. We remember the 500,000 downloads during the first wave of contamination by Joker, which in fact involved only about twenty apps. Lately, 30 contaminated apps have been downloaded more than 10 million times. A gigantic pool of potential victims.
If you’re a money-hungry hacker, you’re going to hit the biggest target first. Why not both? Because the programming languages for the two are different. It is therefore more profitable for a hacker to make two malicious Android apps than one app for both systems. Apple’s OS is also more closed, more compartmentalized and fully under control. Finally, the processes for accepting apps on the Apple Store and on the Google Play Store are not the same.
There are other reasons why I feel iPhone is more secure than Android, but Google’s overly permissive app store is a big one. @Google pulls #malware infected apps in its Store, over 3 million users at risk: https://t.co/I8tHvUApo6 via @theregister
— Taproot Security (@taprootec) July 23, 2022
Work to be done
At Apple, all apps are thoroughly checked. This process takes a month while it is almost instantaneous at Google. While Apple’s system isn’t foolproof either, that’s probably where Google should focus its efforts. Admittedly, there are twice as many apps on the Play Store as on the Apple store (3.6 million against 1.8), but can’t Google deploy twice as many resources? Not easy.
It must be said that the creators of malware use effective methods to bring the wolf into the fold: delaying the payload for a few hours so that the app has time to be validated, encrypting part of the malicious code so that it goes unnoticed, or downloading additional content from outside the Store, presented as a promotion or giveaway. Even being vigilant, Google cannot do much in these cases unless it restricts certain freedoms.
Our advice to avoid the worst…
If you don’t want your Android experience to feel like the Stations of the Cross, you will have to avoid risky behavior and stop downloading what we call “bullshit apps”: beauty filters, GIF directories, stickers or emojis, themes, wallpapers, photo editing apps, visual effects or apps that make a profit. We all agree that it’s a lot of fun, but it’s certainly not worth turning your smartphone into a toaster or losing a few hundred or thousand dollars for it.
You risk nothing with WhatsApp or the latest app for Bobos plastered in the Paris metro (something that looks really too cool, but which ultimately involves the exploitation of migrants), but if you have to download an unknown application, pay close attention to negative comments. Some users are indeed faster than Google to detect things that are wrong. Also pay close attention to the permissions requested by the app in question. If the app that goes “prout” asks you for access to your contacts, your files, your SMS or your camera, it’s suspicious.
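The permission check recommended above, as an added example that is not part of the original article: it reads an AndroidManifest.xml that has already been decoded to text (for instance with apktool, an assumption here) and lists the sensitive permission groups the app requests. The function names, the grouping and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"
P = "android.permission."

# Groups the article names, plus call placement (the "dialer" case).
SENSITIVE = {
    "contacts": {P + "READ_CONTACTS", P + "WRITE_CONTACTS"},
    "files": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE",
              P + "MANAGE_EXTERNAL_STORAGE"},
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"},
    "camera": {P + "CAMERA"},
    "calls": {P + "CALL_PHONE"},
}

def requested_permissions(manifest_xml):
    """Return every permission name declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NAME)
            if name:  # skip malformed entries with no android:name
                names.add(name.strip())
    return names

def audit_manifest(manifest_xml, expected_groups=()):
    """Map each sensitive group the app's purpose does not explain to its hits."""
    requested = requested_permissions(manifest_xml)
    findings = {}
    for group, perms in SENSITIVE.items():
        hits = sorted(requested & perms)
        if hits and group not in expected_groups:
            findings[group] = hits
    return findings

# Constructed sample: a wallpaper app that also asks for SMS, contacts, camera.
SAMPLE_MANIFEST = """<manifest package="com.example.wallpapers"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for group, hits in audit_manifest(SAMPLE_MANIFEST).items():
        print(group, "->", ", ".join(hits))
```

Pass the groups an app legitimately needs in `expected_groups` (a camera app expects "camera"); whatever remains in the result is what the app's stated purpose does not explain.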