Is that app safe? According to Wednesday data from Lookout Security, app- and Web-based threats are increasing in prevalence and sophistication, and Android users are now 2.5 times more likely to encounter malware than they were six months ago.
Examining aggregated data from 700,000 apps and 10 million devices, Lookout found that three out of 10 Android users are likely to encounter a Web-based threat on their device each year. In January, there were 80 infected Android apps, which jumped to more than 400 apps cumulative by June, the report said. Lookout estimated that between 500,000 and 1 million people were affected by Android malware in the first half of 2011.
Google declined to comment, but the search giant is well-aware of malware on its mobile OS. In recent months, it has removed a number of apps from the Android Market for malware-related offenses and earlier this year, it remotely nuked some of those apps from users' phones. On the search front, Google last month also announced plans to issue warnings to users who might have been infected with malware on the Web.
During a May hearing on location tracking, Google said it does not monitor apps once they are added to the Android Marketplace, in the interest of openness.
"We've chosen not to be the gatekeeper," Alan Davidson, director of public policy at Google, said at the time. "We don't generally go back and try to make sure that every app does what it says it's going to do. [Google is] really trying to maximize the ability of small app developers to get online."
Apple also appeared at that hearing, where Guy Tribble, vice president of software technology, said the company conducts random audits on apps that have made it into the App Store.
The Lookout report, meanwhile, found that attackers are using increasingly sophisticated attacks in order to take control of phones, personal data, and money. That includes malvertising, whereby scammers buy ads within apps that direct users to infected Web sites, and upgrade attacks, which involve the release of a legitimate apps that are infected with malware in subsequent updates.
In June, the FBI busted an international "scareware" ring that used malvertising and pop-up fraud to scam Internet users out of $74 million.
Lookout said the likelihood of encountering malware varies from less than 1 percent to more than 4 percent, depending on your country (click map above for larger image). Most attackers are looking for money, but the report said "the sheer amount of personal information stored in our smartphones also becomes a target for attackers to get creative."
On the lifecycle of malware, Lookout said "attackers frequently insert the same malicious code into multiple apps and create variations of the original malware." The DroidDream malware that made headlines recently, for example, accounted for 80 infected apps alone.