With the rising popularity of Android powered smartphones and devices, Android malware has been increasing at an alarming rate. According to security research firm Kaspersky Labs, the volume of new malware targeting Android devices nearly tripled in the second quarter of 2012, and this will only get worse in the coming months. While the number of malicious programs targeting Android pales in comparison to the millions found on Windows, it is still a sizeable chunk that should worry any Android smartphone user who frequently downloads apps from the Internet.
Smartphone security firm Duo Security has released a new free app dubbed X-Ray for Android, which checks the operating system on consumer devices for known but unpatched security flaws.
X-Ray scans your Android device to determine whether there are vulnerabilities that remain unpatched by your carrier or phone manufacturer. Unlike antivirus software, X-Ray isn’t designed to compare the signatures of apps installed on a device against a list of suspicious applications. Instead, the app looks for the presence of certain privilege escalation vulnerabilities that are known to be present on the Android platform and which are exploited by malware to gain full, unrestricted control over an Android device.
These vulnerabilities go unpatched for many months due to conservative carrier patching practices, and malware authors capitalize on this. According to research conducted last year by Bit9, Samsung took 316 days to patch its Galaxy Mini smartphone after Google released an Android update. Meanwhile, the fastest update – a Droid X patch from Motorola – still required 141 days to be released.
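The kind of check X-Ray performs differs from antivirus signature matching: it is the device's OS build, not the installed apps, that is compared against what is known to be fixed. The script below is an added illustration of that approach and is not Duo Security's code. It parses `adb shell getprop` output (the property names are real Android build properties; the sample output is constructed), reports how old the firmware build is, and flags issues whose fix only shipped in a newer release. The issue table holds placeholder entries, since the page does not list the vulnerabilities X-Ray checks for.

```python
import re

# Constructed sample of `adb shell getprop` output (not captured from a real device).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [2.3.6]
[ro.build.version.sdk]: [10]
[ro.build.date.utc]: [1315958400]
[ro.product.model]: [Example Handset]
"""

# Hypothetical check table: (issue name, first Android release that carries the fix).
# Placeholder entries only; X-Ray's real vulnerability list is not given on the page.
FIXED_IN = [
    ("placeholder-privesc-A", "2.3.4"),
    ("placeholder-privesc-B", "4.0.4"),
    ("placeholder-privesc-C", "4.1"),
]

GETPROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")


def parse_getprop(text):
    """Turn getprop's '[key]: [value]' lines into a dict; ignores malformed lines."""
    props = {}
    for line in text.splitlines():
        m = GETPROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props


def version_tuple(version):
    """'4.0.4' -> (4, 0, 4). Tuples compare correctly where strings would not
    (e.g. '4.10' sorts after '4.9')."""
    return tuple(int(part) for part in version.split(".") if part.isdigit())


def build_age_days(props, now_epoch):
    """Whole days between the firmware build timestamp and `now_epoch` (UTC seconds).
    A large value is the carrier patch lag the article describes."""
    return (now_epoch - int(props["ro.build.date.utc"])) // 86400


def unpatched_issues(props, table=FIXED_IN):
    """Issues whose fix landed in a release newer than the one on the device."""
    release = version_tuple(props["ro.build.version.release"])
    return [name for name, fixed in table if release < version_tuple(fixed)]


if __name__ == "__main__":
    device = parse_getprop(SAMPLE_GETPROP)
    print("build age (days):", build_age_days(device, 1343779200))  # 2012-08-01 UTC
    print("unpatched:", unpatched_issues(device))
```

Like X-Ray, this only tells a user that the OS build predates a fix; whether the carrier backported it into an older release number cannot be determined from version strings alone.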
When X-Ray finds a vulnerable smartphone, it notifies the user. Unfortunately, a user with a vulnerable phone has only a limited number of options. They can check with their carrier or the phone manufacturer for an update, and if no patch is available, the only way out is to root the phone and install a third-party ROM such as CyanogenMod that may have patched the vulnerabilities.
The primary cause for worry is that many malicious programs are served from the Google Play Store. Unlike the Apple Store, the Google Play Store is more open to developers, but that doesn’t mean it is a lawless wilderness filled with malicious apps. Google uses an automated scanning tool codenamed Bouncer to scan for known malware, spyware and trojans in the Play Store. Google also runs every app uploaded to the Play Store in a virtual environment, looks for behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags. Since the introduction of Bouncer, Google has reported a 40% decrease in the number of potentially malicious apps in the Android Market. But Bouncer is not foolproof, as is evident from an early July Symantec report that identified two malicious apps in the Play Store that racked up between 50,000 and 100,000 downloads. The biggest source of Android malware is still third-party stores and websites that Google has no control over.
Even if you have Android antivirus software and stay away from alternative markets, I highly recommend downloading X-Ray for Android and scanning your device for vulnerabilities.