Research conducted on 50% of US mobile traffic has found that you are 1.3 times more likely to get struck by lightning than have mobile malware on your device.
The research, conducted by Damballa in Q4 2014, found only 9,688 out of a total of 151M mobile devices contacted mobile black list domains (.0064%). By comparison, The National Weather Services says the odds of being struck by lightning in a lifetime are 0.01%
“This research shows that mobile malware in the Unites States is very much like Ebola – harmful, but greatly over exaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection,” said Charles Lever, senior scientific researcher at Damballa, who is presenting on the topic at RSA. “Ask yourself, ‘How many of you have been infected by mobile malware? How many of you know someone infected by mobile malware?’”
Lever explained that the way in which mobile operators build their platforms will mean users are protected against malware. “iOS developers must submit an application for approval before their app is available on iTunes, and Google has developed “Bouncer,” a system that scans submitted apps for evidence of malware. So for a majority of the population, by simply staying within the authorized app stores for their respective devices, they will drastically reduce the risk of being infected with mobile malware.”
Other findings included a rise in mobile malware from 0.015% in 2012. Additionally, only 1.3% (35,522) of “mobile” hosts were not in the set of hosts contained by historical non-cellular pDNS data. This means there is very significant overlap between wired hosts and mobile hosts, and mobile applications are reusing the same hosting infrastructure as desktop applications.
Brian Foster, CTO of Damballa, added that whilst these findings are reassuring, mobile malware is still a threat to keep an eye on. “While it would be naïve to think there is no risk in mobile, the true extent of mobile infections is still not widely understood. By providing an extensive network-level analysis, across millions of devices, Charles and his team are helping the industry better understand the underlying infrastructure of mobile traffic, and the risks that are likely to come in the future. By understanding these risks, organizations will be better able to apply network-based countermeasures to help detect and protect themselves going forward.”