Android malware: What developers should know

February 26th, 2014 By: Stefan von Gagern
Anyone who knows how malicious software works is better able to protect himself and his apps from it. In particular, the Android platform is a frequent target. We show developers how to protect their apps against this.

Android is the most popular mobile platform for malware on smartphones. (Credit: © alexfiodorov –

Google's Android operating system is not only number one in terms of distribution, but also the most popular mobile platform for malware on smartphones. Users constantly hear about new malware. This alone causes considerable damage and leads to a loss of trust in app downloads and purchases. Google reacted to this and attempted to refute the scare stories ("Don't fear Android Malware").

Nevertheless, significant studies continue to appear that claim otherwise: according to the current security report from Cisco, for example, 99 percent of all mobile malware in 2013 targeted devices running Android. According to the study, Android users have a 70 percent probability of encountering malware, while for iOS users the probability is far lower at 14 percent.

According to the Cisco 2014 Annual Security Report, 70 percent of all Android users are affected by malware. (Source:

Android as a target for hackers

Why do hackers concentrate on the Android platform? The answer is simple: just as malicious software for desktop systems has concentrated on the target with the greatest potential for damage, Windows, malware authors in the mobile world have their sights on Android. In addition, there are some weaknesses in the ecosystem that attract cyber criminals. Just as with Linux and WebKit, large parts of the Android source code are published as open source.

What is a big plus for developers is also an open door for creators of malicious software: cyber criminals gain an insight into the inner workings of the system and its weaknesses. Apple's iOS and Windows Phone hide a far greater proportion of the platform. In addition, Apple has strict approval processes for the App Store, which is the only channel for downloading apps. Developers often curse these mechanisms as tiresome and time-consuming, but in the end they protect users well.

Google also allows practically anyone to open their own download channel for Android apps outside of its official "Google Play" store. An additional problem that arises from this is the sluggish distribution of updates: Google generally develops and publishes patches rapidly, as soon as a security problem is detected. However, the decentralized structure of the app stores can mean that it takes a long time for updates to reach everyone, and many only reach end customers via hardware manufacturers or mobile communications providers. Viruses therefore often have a lot of time to spread. Through its central App Store, Apple can quickly provide countermeasures without intermediaries.

Knowing the threat

It is important for developers to know the platform and its dangers. Classic computer viruses are malicious programs that spread from device to device. It is not impossible, though unlikely, to program these kinds of viruses for Android devices. Instead, attackers prefer parasites that generally use deception to induce users into actions that harm them, for example actions that cost the user money. Typical examples are as follows.

Android trojans typically ask for permission and access to a great deal of sensitive data and initiate processes that cost money. (Source:
  • Malware and fake apps
    During installation, malware apps request permission to access many personal things, e.g., in order to perform actions for which there is a charge, to access personal contacts and much more. Once authorized, they often cause damage in the background and, for example, send SMS messages to expensive numbers abroad. The "Obad" trojan works along the same lines as this example and is also difficult to uninstall. Other apps, such as "ZitmoUrlzone", intercept mobile TANs that are sent to users during online banking processes. Malware often disguises itself as very popular apps, games or content from service providers. Similar to phishing on the Internet, it attempts to obtain the user's login data, for example by pretending to be Skype or similar.

Fake app stores are confusingly similar in appearance to the original stores and often distribute malware. (Source:
  • Fake app stores
    The burning question is often: How do malicious apps make it onto the device at all? It is all a matter of camouflage! Malware programmers often lure their victims to Android marketplaces that are deceptively similar in appearance to Google Play, for example. Those who do not look closely at the address bar of the browser will hardly notice that they are in the wrong store.

What can developers do in order to counteract mistrust?

In spite of the Google Play store, the Android ecosystem remains highly fragmented. Developers should therefore do all they can to instill as much trust as possible in downloads of their apps. This means that they should offer their apps over trustworthy sales channels for Android apps, such as the official Google Play store or the Amazon Appstore.

In addition, it makes sense to provide as much information as possible and to tell the target group who the developer and publisher are. The customer can then see where the app originated.

It also makes sense to request only the permissions that the app actually requires in order to function. Access to too much private material creates mistrust.
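One way to enforce this in a build pipeline, as an added example that is not from the original article: a Python check that compares the permissions declared in a source AndroidManifest.xml with a reviewed allowlist and flags the cost-incurring and privacy-sensitive ones described above. The sample manifest, the package name and the allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permissions tied to the abuse described above: paid actions, contacts, SMS/mTAN access.
HIGH_RISK = {
    "android.permission.SEND_SMS": "can send paid SMS",
    "android.permission.CALL_PHONE": "can place paid calls",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS such as mTANs",
    "android.permission.READ_CONTACTS": "can read personal contacts",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a source manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def audit(manifest_xml, allowed):
    """Compare declared permissions with the reviewed allowlist."""
    declared = requested_permissions(manifest_xml)
    unexpected = sorted(declared - allowed)
    return {
        "unexpected": unexpected,
        "high_risk": {p: HIGH_RISK[p] for p in unexpected if p in HIGH_RISK},
        "unused_allowlist": sorted(allowed - declared),
    }

# Constructed sample: a flashlight-style app declaring more than its features need.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA" />
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.SEND_SMS" />
  <uses-permission android:name="android.permission.READ_CONTACTS" />
</manifest>"""

# Hypothetical allowlist agreed in review for this sample app.
ALLOWED = {"android.permission.CAMERA", "android.permission.VIBRATE"}

if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, ALLOWED)
    print(report)
    raise SystemExit(1 if report["unexpected"] else 0)
```

Run against the merged manifest rather than only the app module's own file, since third-party libraries can contribute permissions the developer never wrote.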

Last but not least, the code used in their own apps must be clean. In the age of open source and many reusable components, it pays to test thoroughly how secure the code used in their own apps is against attacks and whether potentially malicious source code has crept in. The key concept here is static and dynamic code analysis. Tools such as the Code Analyzer make it possible to automatically scan the code used in your Android app. Regardless of the language, the tool finds security vulnerabilities and helps to fix them. Three scans are free; you can initiate a test run here.

About the author

Stefan von Gagern works as a freelance journalist in Hamburg. For 10 years he has covered web and mobile technologies and development. He also works as a consultant, helping companies to build websites, mobile and social media. At Kiel University of Applied Sciences he teaches media conception. In his free time the gadget fan loves to write music as a singer/guitar player in bands and his home studio.
