In a mobile security report by Cheetah Mobile, the company claimed that in 2015 as many as a million Android mobile devices were infected in India. The report was perceived from a data base of 567 million global monthly active users and an installation base of almost two billion users using Cheetah Mobile’s utility applications.
According to Visual Networking Index study by Cisco, India is the second largest smartphone market globally. In India, there were 590.3 million (47 per cent of India's population) mobile users in 2014, up 18 per cent from 500 million (40 per cent of India's population) in 2013. Thus, this makes India the second most infected country after China in terms of viruses too, owing to the large Android user base and third-party app markets, as claimed by the Cheetah Mobile report.
While one million seems to be a small number in the face of the total number of smartphone users in India, what one should focus on is the rising number of Android viruses which, according to the survey, has exceeded 9.5 million, as opposed to the 2.8 million in 2014. This is a growth rate of over 22 per cent.
Bhanu Prakash Valluri, Vice President- Product, App Vigil thinks the threat might be larger. He believes that one million is just the number of devices reported. He believes there may be much more service malware under the blanket, taking the estimate much higher.
This is especially a point of concern as, according to a report by IAMAI and market research firm IMRB International, the number of local language Internet users is 127 million as of June 2015 and is growing at 47 per cent year on year, owing to the increasing use of smartphones in rural areas of the country.
According to Bhanu, the non-tech-savvy mobile users or the first-time smartphone users can be a major challenge to address when it comes to mobile security.
“E-commerce companies can be a wet blanket on that front as they entice these first-time users, (where they see a big potential market) through promotional discounts. This inculcates in them a behaviour of tapping on promotional pop-ups, which tends to follow through for other promotion malware, ” he adds.
According to the Cheetah Mobile report, more than 55 per cent Android users have been affected by malicious promotion malware, popping up either as advertisements or forced installations of unwanted apps. Privacy theft Trojan is a common one amongst these malware, which hides in mobile users to steal text messages, contact information, location and personal photos.
The report also quotes that 60 per cent of the 9.5 million Android viruses is related to mobile payments. The report quotes that mobile payment malware can be disguised as normal payment pages enticing users to enter personal information, ID information, bank account information, and phone number.
As many as over eight lakh Android users were affected by malicious promotion malware, while mobile payment viruses cost information loss to more than three lakh users.
Morality of the ecosystem
Bhanu believes that the focus should ideally be on deploying secure apps. Security should be not seen as a luxury but an essentiality. While developing an app, security should be as high as functionality.
This is because newer APIs are being introduced by developers almost every day increasing the attack surface area for malware. Moreover, the trust placed on smartphones has gone up drastically with users using them to transact and pay for big-ticket items.
Bhanu adds that the morality in the ecosystem has increased where the apps developed are asking for more permissions rather than just asking for a list of them in one go before installations. Also, apps are built in a way where you can just manually feed inputs (in case of taxi apps) rather than give away critical information.
However, there is a need to take private information more seriously by having more policy changes. Publishers should be transparent about what information is being utilised from the user before installation. Moreover, it is technically possible and executed by policy that an app can’t be published if it doesn’t justify its permissions.
In 2015, following were the top vulnerabilities which took centre stage, according to the report:
Following is an infographic depicting more facts on the mobile security concerns:
Tarush is driven towards delivering unbiased and accurate reportage while engaging with as many mediums as possible to narrate a fresh perspective. Working for the past few years in the digital space with YourStory, he has covered the Indian technology ecosystem extensively, focusing on new age Fintech companies, while building strong connects within the industry.