A study puts the Play Store at the top of the list for malware distribution

A recent academic study undertaken by NortonLifeLock has identified the Google Play Store as the primary source of malware installations on Android devices.

The study researchers analyzed the origin of the app installations on more than 12 million Android devices over a four-month period. The study took place between June and September of 2019.

All in all, there were more than 34 million app installations for 7.9 million unique applications.

Out of all of those app installs, researchers found that depending on classification, 10% and 24% of the apps they analyzed could be described as malicious and/or unwanted apps.

In the study, the researchers focused specifically on the path malicious apps take in order to reach user devices.

The research team said it looked at 12 major categories that result in app installations, which included:

  1. Apps installed from the official Play Store.
  2. Apps installed from third-party app stores.
  3. Apps downloaded via web browsers.
  4. Apps installed via commercial PPI (pay-per-install) programs.
  5. Apps installed via backup and restore operations.
  6. Apps installed from an instant message.
  7. Apps installed via phone theme stores.
  8. App installed from a disk and installed via the local file manager.
  9. Apps installed from file sharing apps.
  10. Apps preloaded on the device.
  11. Apps installed via mobile device management servers.
  12. Apps installed via package installers.

The results of the study identified that about 67% of the malicious app installations identified were traceable back to the Google Play Store.

The second Android malware spreader on the list – third-party app stores – was only identified as having spread 10% of the malicious app installs.

PDF documentation of the study is available here: PDF format 

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648