As smartphones have risen in popularity, the price ceiling for getting a smartphone has decreased dramatically. A direct consequence of the steep price drop in hardware along with plummeting data costs for mobile broadband plans means that our handheld companions have become one of the most affordable ways for people across the world to access the Internet. However, the Internet, like real life, is full of scammers and cheaters. According to the latest report by Cheetah Mobile, many of the first-time smartphone users, especially those from developing economies like India, are falling prey to their nefarious apps from dubious sources.
India, currently the world’s second largest smartphone market with nearly 239 million users, is also home to nearly 17.8% of all infected devices across the world. This is especially worrying, a major reason behind the boom of the smartphone revolution in India has been the introduction of affordable devices in Tier 2 and Tier 3 cities as well as in smaller towns. The majority of the population that are coming online through these smartphones are experiencing the internet for the first time. Obviously, they are not prepared for the barrage of intrusive ads and apps that hijack their smartphones and rack up storage as well as data bills. How will the menace of the infected smartphones affect the Indian device ecosystem? We find out in today’s analysis!
Smartphone Viruses: A New Threat to the User Experience
As the global market share for Android has gone past 80% in the past few years, it makes sense now that the number of people trying to exploit the platform’s weaknesses will continue to grow. In fact, over the last year itself, we have seen the number of malware and viruses targetted specifically for Android are well over the 9.5 million, a YoY increase of 240% from the 2.8 million of 2014. What is even more worrying is that Cheetah estimates nearly 1 million smartphones in India were affected by viruses as of December 2015, and the numbers have continued to grow even larger with time.
While Google is trying very hard from their end to keep the Android platform safe for users, most of these apps are not downloaded from Google’s Play Store, which means that Google Play Services have no means of monitoring such apps and their behaviours. As the graph above portrays very clearly, these top 10 viruses are the main culprits as they alone contribute nearly 45% towards all infected smartphones in India.
Below we will be taking a quick look at the major characteristics of each one of these viruses before we focus our attention once more on how much damage these malicious apps can inflict as well as where they’re getting onto their host devices from.
- Turning or Charging Your Phone Virus
- Installing or Uninstalling Apps Hijacker
- App Overlay Hijacker
- App Exit Virus
- Pop-up Ad Spammer on Notification Shade
- Shortcut Virus for Bloatware Apps on Desktop
- Full-Screen Ads Hijacker
What is the major unifying factor in all of these viruses? They are looking to either hide behind UI elements or using an overlay to capture the clicks of the user for malicious intent. We did a detailed research on such a screen jacking virus in Android not so long ago; wherein we concluded that despite the 500 million devices running older versions of Android; only a thin slice of the pie were at risk from accessibility clickjacking as Play Services prevents such apps from gaining administrator control on devices. So the question that then arises is how are so many Indian devices getting infected and what can we do to stop it?
How To Combat Viruses in Android Devices
Google has been proactive in finding out glitches and hacks in the Android System ever since the Stagefright exploit came to light putting millions of Android devices at risk. They have in recent times even bumped up the rewards for pointing out bugs in the Android OS as a means of encouraging more researchers to find out vulnerabilities in the world’s leading smartphone OS. However, this layer of security by Google is undone if the user steps out of the protective circle of the Play Store.
This is precisely what has happened with many of these downloads as we have seen that a significant number of these spurious downloads have come from none other than porn sites. India, the third largest consumer of pornographic content in the world recently had around 857 popular porn sites blocked by ISPs as per Government orders. The intent though questionable, the Indian government has for quite some time been cracking down on illicit services on the Internet.
How is this relevant to today’s topic at hand? As pornographic content becomes more difficult to access for the country of a billion and a half; the search for sexual gratification on the Internet leads users to some shady websites which are loaded top to bottom with such malicious apps and ads. 5 out of the top 10 apps that are infecting Indian smartphones are root apps that aim to gain root permissions on your device and seek to gain the total control of your system. By ignorantly downloading such apps, deluded by the fake promise of promiscuous ads, the Indian consumers are relinquishing control of the private information on their phones as well as incurring huge data losses.
So what can OEMs and consumers themselves do to protect their devices from the clutches of such malware and viruses? We have broken it down into two actionable segments with the first part of it geared more towards the end user while in the next part we have detailed what the OEMs can look to implement to safeguard their devices against such malware.
- Improve Netiquette Among Smartphone Users: One of the primary reasons that so many Indian devices are affected by these viruses is that Indians tend to be gullible, and that is a huge risk especially on the internet. Even for first-time Internet users, the Indian smartphone consumer must be more informed before stepping out into the treacherous Internet Kingdom. A basic knowledge of Internet Network Security and Scam and Malware with go a long way in alleviating such issues.
- Not Downloading Apps From Unknown Sources: The Google Play Store is one of the best-protected environments for downloading apps and users should refrain from downloading apks (apps for Android) from unknown sources. However, this is much easier said than done as a recent report of top Utility apps have revealed that Indian users love using Xender, an app that allows users to share apks. Coupled with the fact that most apps cost way more than what the average Indian consumer is willing to dish out, the inconvenience associated with paying via the Google Play Store; it is no surprise that most Indian users seek out other sources for their apps and as a result become easy victims.
- Using a Stable Anti-Virus: Although a good idea on paper, Antivirus apps on Android can be a double edged sword as a recent report has revealed that they have the highest rates of crashing and failing among all other Android apps. However, having a good antivirus becomes a must especially if you download from outside the Play Store and for most people, the default Play Services which is estimated to perform 400 million scans daily and protect around a billion devices worldwide is a solid bet.
While the onus lies mostly on the consumers to educate themselves about the risks of downloading apps from the Internet, the OEMs cannot be let scot-free either. These are some of the features that Android OEMs should look to implement in their devices to ensure a better experience for their userbase:
- Stop Preloading Malware Into Budget Devices: While bloatware is already hated yet present on most of the budget devices, a few companies have gone above and beyond that by infecting their own devices with remote download apps so that they can use the user’s data to install apps onto the handsets and pocket a few more pennies out of the resulting ad impressions. Micromax particularly had been found guilty of this malpractice early last year.
- Providing Updates: One of the main reasons that Android fragmentation remains a huge issue in India is that the majority of devices in $100-$200 price point doesn’t receive any OS upgrades from the OEMs. This leads to a huge chunk of users getting stuck on older versions of Android that are vulnerable to hacks and worms that exploit the weaknesses of the older software versions.
The battle against viruses and malware is an uphill task not only for consumers but also for app developers and publishers alike. As smartphone penetration crosses over the 50% mark worldwide, we see that hackers have turned their attention to every aspect of the ecosystem including budding services like mobile payments. We await to see what new technology and measures are implemented into our pocket companions in the coming years as OEMs, merchants and consumers alike gear up to take this menace head on!