Mobile industry watchers have long known that Android is under attack. The number of high risk and dangerous apps targeting Android users jumped from 30,000 in June to 175,000 in September, Trend Micro said in its third quarter security roundup.
While some apps are clearly criminal - such as those that secretly purchase premium smartphone services - others are more of a privacy threat. These include "Aggressive Adware" apps that collect more personal information than the user has authorized. App developers may even be aware of the problem, thanks to the existence of rogue ad networks.
"Though most adware is designed to collect user information, a fine line exists between collecting data for simple advertising use and violating one's privacy," Trend Micro said. "Because adware normally collect user information for legitimate purposes, they can serve as an effective means to gather more data than some would want to give out."
Many of these issues are less of a problem in the United States and more worrisome in other countries, such as China and Russia. In those countries, users commonly use third-party app stores, which have much more lax standards of security. A previous review of mobile threats by security firm Lookout estimated that more than 40 percent of the devices in Russia are infected by malicious software.
Trend Micro noted that fake versions of legitimate Android apps are the most prevalent type of Android malware. This quarter, data-stealers like Solar Charge and premium service abusers like Live Wallpapers in China or fake versions of best-selling apps that spread in Russia further raised concerns about the open nature of the Android ecosystem.
Researchers with Trend found evidence that a series of attacks linked to Chinese hackers that focused on Indian and Japanese military agencies, as well as Tibetan human-rights groups, may include component for infecting Android devices in the future. The Android apps were under development and could steal information as well as install additional components on the phone. Trend Micro also examined threat landscape for non-mobile endpoints.