As expected, Android malware continues to dominate the mobile threat landscape with a whopping 51,447 unique samples detected in the third quarter. The increase in samples occurred even after Google introduced Bouncer, an additional layer of security on the Android Play Store - the renamed Android Market - that scans new and existing apps and developer accounts for malicious activity. Google has claimed that this additional security resulted in a 40% drop in malicious apps being offered. Though researchers have demonstrated in technology conferences that Bouncer protection could be circumvented, it seems somewhat unlikely that this could be the reason for the increase in malicious samples.
The surge may better be attributed as a natural consequence of the continued high growth in Android smartphone adoption this quarter, particularly in regions such as China and Russia. In fact, in Q2, China officially surpassed the United States as the largest market for smartphones, with Android handsets accounting 81% of that market.
These expanding markets have also been notable for the proliferation of less-secure third-party apps markets, which are popular with users for various reasons. This factor may also account for the increasing number of malicious samples seen this quarter.
Of this number, we discovered 42 new families and new variants of existing families. Unlike the driveby malware found earlier this year, the majority of the new Android threats seen this quarter have been designed to generate profit from SMS sending activities or by harvesting information found on the infected device.
Platform-wise, the other notable event this quarter is the release of the 4.1 update, dubbed Jellybean, which included a number of exploit mitigation features as part of an ongoing effort to improve security on the platform.
Source: F-Secure Mobile Threat Report Q3 2012.