It would be safe to say that everyone is concerned about malware. Since computers have become commonplace and a nearly natural part of every day life, it is easy to assume that everyone is worried—maybe just a little, but definitely concerned—about their safety online. However, there are more people in the world who have a mobile device than a computer; and, furthermore, these days more of the younger generation use mobile devices than some kind of computer.
And that means, of course, mobile device malware has grown massively over the past several years. And, of course, that means Android devices are the most vulnerable to them.
This is not only true because of the popularity and presence of Android phones in societies across the globe, but also because the very nature of the Android marketplace makes it a risky venture for anyone. Because the Android operating system is, in fact, an open source platform, anyone can develop on it.
And sometimes “anyone” includes hackers and malware developers.
Google Play Store
It has been estimated that there are more than 1,600,000,000 Android devices in the world, currently in use. At least, this is what Google estimates. However, Google only tallies Android activations through Google Play—when a user first visits Google Play through their mobile device, Google counts it as an active device.
But what if that person never visits the Google Play store?
Or, what if you wipe your phone clean and then sell it to another person, who then activates it and visits Google Play? That device is NOT counted again, as its unique identifying number is already in the system.
So the number of active users could easily be much higher than 1.6 billion. Now, it is important to note that, at any given time, only a small percentage of active Android users are likely to be threatened by malware. However, as popularity and use grow, so will malware risk.
But here’s the thing. Most malware programs that people download onto their devices comes from somewhere other than the Google Play store. And the reason this happens has to do with available exploitations within Google’s permissions model. For example, when you permit an app to display ads, you probably assume this means something more like “ads while using the app” but some—albeit shady—developers will use that as a loophole to put ads in your web browser as well.
There are two strategies to reducing malware risk. Obviously, the first is to only download apps directly from the Google Play Store. Secondly, though—and only if you really want the app even though it is third party—is to read all of the fine print and the comments people say about it. Other users are your best resources for determining the legitimacy of any application.