- Apr 24, 2016
Read the full story here at ZDNet:Mammoth research project using Symantec (now NortonLifeLock) telemetry confirms what everyone suspected.
The official Google Play Store has been identified as the primary source of malware installs on Android devices in a recent academic study — considered the largest one of its kind carried out to date.
Using telemetry data provided by NortonLifeLock (formerly Symantec), researchers analyzed the origin of app installations on more than 12 million Android devices for a four-month period between June and September 2019.
In total, researchers looked at more than 34 million APK (Android application) installs for 7.9 million unique apps.
Researchers said that depending on different classifications of Android malware, between 10% and 24% of the apps they analyzed could be described as malicious or unwanted applications.
But the researchers focused specifically on the "who-installs-who relationships between installers and child apps" to discover the path malicious apps take to reach user devices.
The research team said it looked at 12 major categories that result in app installations, which included:
The results showed that around 67% of the malicious app installs researchers identified came from the Google Play Store.
- Apps installed from the official Play Store
- Apps installed from alternative markets (aka third-party app stores),
- Apps downloaded via web browsers
- Apps installed via commercial PPI (pay-per-install) programs
- Apps installed via backup and restore operations
- Apps installed from an instant message (IM)
- Apps installed via phone theme stores
- App installed loaded on disk and installed via the local file manager
- Apps installed from file sharing apps
- Apps preloaded on the device (bloatware)
- Apps installed via mobile device management (MDM) servers (apps installed by enterprises on their employee's devices)
- Apps installed via package installers
In a distant second, with 10%, came alternative markets, dispelling a pretty common assumption that most Android malware these days comes from third-party app stores.
Mammoth research project using Symantec (now NortonLifeLock) telemetry confirms what everyone suspected.