Unlike Apple, Google does not have a strict approval process in place for its Android Market, and while that might make for a more open environment, it also makes the store vulnerable to some dangerous apps.
According to data from Juniper Networks, malware in the Android Market has jumped 472 percent since July 2011.
"The months of October and November are shaping up to see the fastest growth in Android malware discovery in the history of the platform," Juniper found in its annual Malicious Mobile Threats Report. "The number of malware samples identified in September increased by 28 percent over the number of the known Android malware samples. October showed a 110 percent increase in malware sample collection over the previous month and a striking 171 percent increase from what had been collected up to July 2011."
With more targets, meanwhile, the scammers become more sophisticated. Some of the malware making the rounds in early spring had the ability to gain root access to a device via infected apps, but now, "just about every piece of malware that is released contains this capability, simply because the vulnerabilities remain prevalent in nearly 90 percent of Android devices being carried around today," Juniper said.
What are these apps after? Most are targeting communications, location, or other personal identifying information. About 55 percent of malware is spyware and 44 percent are SMS Trojans, "which send SMS messages to premium rate numbers owned by the attacker in the background of a legitimate application, without the person's knowledge."
Scammers targeting the Android Market aren't new to the game, however. Juniper suggests they are the same people who took advantage of Symbian and Windows Mobile back in the day. "They shifted to Android given it gains significant market share when compared these legacy platforms," Juniper said.
The proliferation of malware on Android doesn't necessarily make it any less secure than Apple's iOS, Juniper said.
"The main reason for the malware epidemic on Android is because of different approaches that Apple and Google take to police their application stores," the firm said. "These days, it seems all you need is a developer account, that is relatively easy to anonymize, pay $25 and you can post your applications. With no upfront review process, no one checking to see that your application does what it says, just the world's largest majority of smartphone users skimming past your application's description page with whatever description of the application the developer chooses to include."
During a May hearing on location tracking, Google said it does not monitor apps once they are added to the Android Marketplace, in the interest of openness.
"We've chosen not to be the gatekeeper," Alan Davidson, now former director of public policy at Google, said at the time. "We don't generally go back and try to make sure that every app does what it says it's going to do. [Google is] really trying to maximize the ability of small app developers to get online."
Apple also appeared at that hearing, where Guy Tribble, vice president of software technology, said the company conducts random audits on apps that have made it into the App Store.
Back in August, Lookout Security found that app- and Web-based threats were increasing in prevalence and sophistication, and that Android users were 2.5 times more likely to encounter malware than they were six months ago.
For more, see How Android Malware Makes Money.