Google: No-one installed Lockdroid apps

Just 1,000 users downloaded Lockdroid, and no-one was fooled into installing it

Not a single Android user actually installed a frightening piece of ransomware called Lockdroid, according to Google, despite reports that two-thirds of users were at risk.

Only last week Symantec claimed up to 67 per cent of Android devices, but not one Android user was successfully fooled into downloading the ransomware, after Google's security features would have flagged it up, claimed Elena Kovakina, senior security analyst at Google.

Advertisement - Article continues below

Speaking at Kaspersky's Security Analyst Summit in Tenerife, Kovakina said malicious apps featuring Lockdroid were downloaded by fewer than 1,000 devices a far cry from the potential billion suggested by headlines and Google's own analytics revealed that "no users actually installed it".

The Lockdroid campaign failed to take off thanks to warnings via Google's Verify Apps system, which scans not only all the apps available via its own Google Play Store, but as many of those side-loaded through other app stores as possible.

Scanning for harmful apps

Kovakina said Google scans two million apps weekly both on its own market and others looking for what it calls "potentially harmful apps" (PHAs), which can include anything from ransomware and Trojans to surveillance and snooping.

Thanks to that programme, she said fewer than 0.5 per cent of Android devices globally have a PHA installed on them. "Which is quite a good stat," she said.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The vast majority of PHAs come via side-loaded apps, as in those not on Google Play but other app stores. Indeed, Google Play apps are ten times safer - while the infection rate of Android handsets with apps from third-party stores has slid from 2 per cent to 1 per cent in the past three months, those with only Google Play apps are all but zero, Google claimed.

Despite such external markets being more dangerous, Google does not want to ban rival app markets, because that would reduce openness and choice.

Instead, it is trying to gently push users towards making safer security choices, such as by pre-installing Google Play on the store, making it the easiest source of applications. Plus, it pops up warnings when apps are asking for too much access or if they look dodgy, tracking the decisions users make.

"This is a massive set of data, and we base security improvements on this feedback," Kovakina said.

Advertisement - Article continues below

This is also where Verify Apps plays a part, because it scans apps regardless of origin. While it is not enabled by default, users are prompted to enable the app scanning system and most Android users say yes, some 1.4 billion.

"It's actually heartwarming to know that the majority of users are enrolled by Verified Apps and trust us to protect them," the security expert said.

Free choice

Despite non-Google Play apps being scanned by the company, there is still a discrepancy between users who never leave the Google marketplace and those that do. Kovakina said that was down to choice: some users ignore Google's warning and click through to install anyway.

About a fifth of users faced with such a warning ignore it, but that stat is higher than might be expected because it includes commercial spyware and non-malicious rooting, Kovakina said, both of which users might be installing knowing full well what the risks are.

Advertisement - Article continues below

Google's data analysis can also spot when users are not blocking or uninstalling devices after repeat warnings, which can suggest the app is using persistence techniques to dodge removals, such as getting administrator powers.

Such a case recently occurred in Russia, and Google used Verified Apps to remove the malicious app without user permission on the assumption that people were trying to get rid of it and failing, something it only uses "sparingly" for "extremely malicious campaigns", she said.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020