Experts from NortonLifeLock (formerly Symantec) and the IMDEA Software Institute in Spain have published the results of an interesting study, the largest of its kind to date. The researchers determined that malware mostly reaches Android devices via the Google Play Store.
In particular, the researchers studied the channels through which malicious applications reach users’ devices, and the conclusions were disappointing. “We revealed that the Play market is indeed the main app distribution vector of both benign and unwanted apps, while it has the best defence against unwanted apps. Alternative markets distribute fewer apps but have higher probability to be unwanted,” say the researchers.
The analysis used telemetry data provided by NortonLifeLock. The origin of applications on 12 million Android devices was studied for the period from June to September 2019. In total, over 34,000,000 installed APKs for 7,900,000 unique applications were analysed.
The researchers write that, depending on the classification of Android malware used, between 10% and 24% of the applications they analysed may be considered malicious or unwanted.
It turned out that such applications reach users’ devices in 12 main ways:
- applications are installed from the official Google Play Store;
- apps are installed from alternative directories (third-party app stores);
- applications are loaded through browsers;
- applications are installed using commercial PPI programs (pay-per-install);
- applications are installed using backup and restore operations;
- applications are installed through instant messaging programs (messengers);
- applications are installed through theme stores for phones;
- applications are downloaded and installed via a local file manager;
- applications are installed through file sharing applications;
- applications are already installed on the device “out of the box” (bloatware);
- applications are installed via MDM solutions (applications installed by enterprises on the devices of their employees);
- applications are installed using package installers.
According to the study, about 67.5% of detected malicious applications were installed by victims directly from the Google Play Store. Alternative app stores come a distant second, accounting for only 10% of installed malware.
Thus, the researchers disprove the popular belief that Android malware mainly originates from third-party stores and other unreliable sources.
Google representatives have not yet commented on the results of this analysis.
Let me also remind you that the Brazilian malware Ghimob has learned to attack mobile devices around the world.