Criminals are targeting mobile phone users with malware capable of billing unsuspecting victims through premium SMS services as well as invading the device user's privacy by accessing personal information, according to Lookout, a producer of mobile security software based in San Francisco.
The likelihood that any given Android-based mobile device contains malware or spyware is heavily dependent on geographic location -- from 0.02 to 0.04 percent in Japan and the United States to 41.6 percent in Russia. What's more, "people who download apps outside of trusted sources like Google Play have a higher likelihood of encountering malware," Lookout Mobile Security's research team said in a blog post.
The FakeInst family of toll fraud malware has already succeeded in stealing millions of dollars from mobile-device owners since October 2011, and accounted for 82 percent of all mobile malware detected worldwide by Lookout in June of this year. FakeInst games the app ecosystem by leveraging the built-in phone billing system known as Premium SMS.
"In general, when someone texts a specific number, or 'short code' to order a service, the content is delivered, and a fee appears on their phone bill," noted the authors of Lookout's new State of Mobile Security 2012 report. "Lax premium SMS regulation in certain geographies -- including Eastern Europe and Russia -- creates an environment in which toll fraud can be a viable business."
Proactive Privacy Management
According to Lookout, 5 percent of free Android mobile apps currently contain one or more aggressive ad networks with the ability to access the device user's personal information or display confusing ads. "In addition, a number of high-profile iOS applications raised red flags about privacy issues this year," Lookout's report says.
The good news is that American handset users are becoming more proactive in managing the personal content that resides on their phones. For example, 54 percent of U.S.-based mobile app users surveyed by the Pew Internet & American Life Project said they had decided not to install a mobile app because of the personal information they would need to share, and with 30 percent saying they had uninstalled a mobile app after learning that the software was collecting personal information about them.
"The way a mobile application handles personal data is a feature that many cell phone owners now take into consideration when choosing the apps they will use," said Pew Internet Project Research Associate Mary Madden on Wednesday.
Still, Lookout warns that mobile malware distribution techniques are diversifying, which means that mobile phone users will need to be even more vigilant going forward.
"Attackers are using a combination of new and existing distribution techniques, including e-mail spam, hacked Web sites that enable drive-by-downloads and affiliate-based marketing," the authors of Lookout's new report wrote.
Smartphone Users More Vigilant
According to Pew's new study, 31 percent of the U.S. mobile phone users overall reported having experienced the loss or theft of a mobile device in the past, and rising to 45 percent among users between the ages of 18 to 24. Additionally, 12 percent of respondents overall -- as well as 24 percent aged 18-24, indicated that others had accessed their handsets in ways which made them feel that their privacy had been violated.
Among smartphone owners, 59 percent of the Pew survey's respondents said they regularly back up their mobile phone content, and with 50 percent periodically clearing their mobile browsers browsing or search history. By contrast, only 21 percent of feature phone owners reported backing up phone contents and only 14 percent have cleared their handset's browsing or search histories.
"The wealth of intimate details stored on smartphones makes them akin to the personal diaries of the past -- the information they contain is hard to replace if lost, and potentially embarrassing in the wrong hands," said Pew Internet Project Research Associate Aaron Smith.