G Data has released the Mobile Malware Report for the first half of 2019 and counts 10,000 new infected Android apps per day. Despite the high number of infected apps, it is not only not a new record, but even a slight decline compared to the previous year.
In the first six months, around 1.85 million new malicious apps were counted. Between January and June 2018, G Data security software developers discovered more than 2.04 million infected apps – a drop of around 9 percent. According to Alexander Burris, Lead Mobile Researcher at G Data, the danger is still very high, and its widespread adoption makes Android smartphones an attractive target for cybercriminals. The number of malicious code-aware apps is now nearing the 100 million mark, reaching over 94.2 million by the end of June.
Too many Android versions increase risk
G Data sees a reason for the still high threat potential with Android also in the still large fragmentation with the used operating system. Android 9 is only installed on around 10 percent of Android smartphones and Android 8 is used in about 28 percent of all Android smartphones. More than 60 percent use an outdated Android version, which was released before August 2017. G Data advises, therefore, before a new acquisition to inform beforehand whether the manufacturer regularly provides updates for their own smartphones.
Using devices with old versions is like unprotected sex.
Alexander Burris, Lead Mobile Researcher at G Data
Cheap smartphones bring the malware with them
Frequently, however, the users themselves are to blame for the risk they expose themselves to, because they do not install available updates. As a third risk sees G Data cheap smartphones from China, which are already delivered with malicious software. The malware, which is unnoticed by the user in the background, does not disable itself in these cases.
Google plans new update mechanics with Android Q
On the positive side, G Data rates Google's security enhancements last year. However, many vendors of cheaper devices bypass the Play Store to save royalties. “If you do not install apps from the official Google Play Store, you are at much greater risk of downloading an infected app“Warns Alexander Burris. Google's recent announcement to migrate large parts of the update infrastructure for Android Q and to update the system components independently of OEMs could improve security and solve the problem of missing updates.
Malware apps installed more than 100 million times
According to G Data, the most successful Android apps with malware are the “SimBad” apps, which come to around 150 million installations, “Operation Sheep” with over 111 million downloads and “Agent Smith”, which is already more than 25 in Asia Has infected millions of Android smartphones. The latter, after installation, replaces other apps with clones that deliver advertising and generate revenue for developers.