BT backpedals on claims almost every Android device has malware

2012-07-30

Emil Protalinski

http://www.zdnet.com/bt-backpedals-on-claims-almost-every-android-device-has-malware-7000001837/

Late last week, I wrote about some eye-raising statements made by a British Telecom (BT) security expert at the NetEvents Americas. Now, BT has backpedaled on the claims. To refresh your memory, here's what Jill Knesek, head of the global security practice at BT, said:

We analyzed more than 1,000 Android applications and found a third compromised with some form of active or dormant malware. Almost every device is compromised with some kind of malware, although often it's not clear if that code is active or what it is doing.

I noted how very skeptical I was of these assertions, even though the Android malware issue has been growing rather quickly (last month was particularly bad). Here's what I said: "I'm not sure which 1,000 Android apps BT chose to use in its analysis, but I doubt they were randomly picked. I find it very hard to believe that one third of Android apps contain malware and that almost every device has one of said apps installed."

Some readers pointed out in the comments that BT might be referring to adware, which by definition is any software that automatically displays advertisements. In some cases, adware can also be classified as spyware, a type of malware which steals user information. Given the number of free Android apps supported by ads, this was the most likely explanation. Still, I still found the numbers mind-boggling, and kept pushing BT for comment, but since it was the weekend, I didn't hear back till Monday (today).

Here's the statement BT finally supplied me with:

During a panel discussion at a Net Events conference in Florida last week, a BT employee voiced opinions on malware risks within apps distributed to users of Android-based devices. Those opinions were reflective of information available from public studies. The BT employee also mentioned in passing the existence of some testing done by BT on Android devices. BT has indeed done some testing on both Android and Apple OS environments, but not necessarily on the scale reported by media articles in the last couple of days. BT has not released that information and does not intend to elaborate further on that topic at the moment.

The fact that BT is not interested in releasing its study publicly makes me further wonder what's going on here. I have asked BT for where I can find the mentioned public studies. I'll update you if and when I hear back.

[...]
main page ATTRITION feedback