Security company Lookout released a report today which looks at the likelihood Android users in different countries will encounter certain types of mobile threats. Japan was at the bottom of the list, the US squarely in the middle, and India had far and beyond the greatest chance of encountering adware or malware.
First, the good news is that Android is still a relatively safe platform. “The chance of encountering a threat is relatively low,” said Lookout Security Product Manager Jeremy Linden. In the US, the chance of encountering something unseemly in a seven day period is only 1.66 percent.
It’s slightly more likely in Germany or the UK—with 2.37 and 2.16 percent, respectively. Japan was at the very bottom with 0.78 percent, but India topped them all with a whopping 5.49 percent.
The information was drawn from the five regions where Lookout had information on adware and malware threats in statistically significant quantities. See the full report below, in infographic form.
So High and So Low
The report demonstrates how dramatically mobile threats vary by region. Why this happens generally hinges mostly on money and local legislation. For instance, Lookout believes the root of India’s adware problem comes from a specific ad network that’s targeting the region.
“What we are seeing with adware in India is one SDK family dominating the region,” said Linden. Many game developers have monetized their apps by installing the ad network’s SDK. The ad network sends push-notifications to users, but it also sends users’ personal information to servers in China.
“One of the reasons we find this ad network especially dangerous is that we’ve seen code loaded dynamically and SMS permissions changed,” said Linden. “The ad network could be modified on the server side and potentially move into the very dangerous territory of sending SMS messages without permission.”
Lookout is withholding the name of the offending company, but did say that it would be listed among the dangerous ad networks Lookout will start flagging on June 24. This is part of the security company’s larger effort to get ad networks to behave better, or be automatically flagged as adware by Lookout.
On the flip side, Japan simply does not have the same avenues for monetization as other countries. “One thing that does not exist in Japan is no ability for premium SMS billing,” said Linden. This is a popular way for scammers to make money, usually by tricking victims into sending text messages which add charges to their cellular bill. Think of those “Text a Number to Donate” deals, but used for evil.
Without an easy means to make money, the bad guys have largely ignored Japan in these areas. As is often the case, cutting off the cash flow can stop threats in their tracks.
Who’s Watching You
Apps moving personal information off devices is of Lookout’s biggest concerns. With adware, for instance, some of these applications aggressively gather and transmit personal information from your device. “I would consider it a threat because in many cases adware is sending phone numbers and email addresses to a server,” said Linden, who went on to say that these servers sometimes exist outside the country in which the victim lives.
“We have no evidence that it’s being resold, but there’s no legal protection when your info enters some of these countries,” Linden explained.
When it comes to harvesting personal info, surveillance apps are among the most troubling. “This is distinguished from [other malware] because it’s generally installed by someone who knows the person,” said Linden. These aren’t super spy James Bond applications—think more a concerned parent or paranoid spouse.
“The apps aren’t illegal per se,” Linden told SecurityWatch. However, it may be illegal to install them without someone’s knowledge.
Should You Be Concerned?
Linden stressed that this report wasn’t meant to scare anyone. Instead, he said that Lookout’s goal was to keep people informed of the threats that exist.
For Android users, it’s probably more important to know what the threats are rather than the likelihood of encountering them. Understanding why it’s dangerous for ad networks to have access to your information, or how bad guys make money from text messages, will hopefully mean a few less victims and a few more safe users.http://securitywatch.pcmag.com