Criminals are targeting mobile phone users with malware capable of billing unsuspecting victims through premium SMS services as well as invading the device user's privacy by accessing personal information, according to Lookout, a producer of mobile security software based in San Francisco.
The likelihood that any given Android -based mobile device contains malware or spyware is heavily dependent on geographic location -- from 0.02 to 0.04 percent in Japan and the United States to 41.6 percent in Russia. What's more, "people who download apps outside of trusted sources like Google Play have a higher likelihood of encountering malware," Lookout Mobile Security's research team said in a blog post.
The FakeInst family of toll fraud malware has already succeeded in stealing millions of dollars from mobile-device owners since October 2011, and accounted for 82 percent of all mobile malware detected worldwide by Lookout in June of this year. FakeInst games the app ecosystem by leveraging the built-in phone billing system known as Premium SMS.
"In general, when someone texts a specific number, or 'short code' to order a service, the content is delivered, and a fee appears on their phone bill," noted the authors of Lookout's new State of Mobile Security 2012 report. "Lax premium SMS regulation in certain geographies -- including Eastern Europe and Russia -- creates an environment in which toll fraud can be a viable business."
Proactive Privacy Management
According to Lookout, 5 percent of free Android mobile apps currently contain one or more aggressive ad networks with the ability to access the device user's personal information or display confusing ads. "In addition, a number of high-profile iOS applications raised red flags about privacy issues this year," Lookout's report says.
The good news is that American handset users are becoming more proactive in managing the personal content that resides on their phones. For example, 54 percent of U.S.-based mobile app users surveyed by the Pew Internet & American Life Project said they had decided not to install a mobile app because of the personal information they would need to share, and with 30 percent saying they had uninstalled a mobile app after learning that the software was collecting personal information about them. (continued...)