Doubts have been cast on the realities of mobile malware, with analysis of traffic showing a tiny amount of infections.
Presenting research at the Centre for Secure Information Technologies (CSIT) summit in Belfast, Patrick Traynor assistant professor school of computer science at Georgia Institute of Technology, said that analysis of three weeks worth of DNS traffic provided by a major US cellular provider showed the use of 380 unique devices (an average of 20-21 million devices per day) and 15 million unique domains visited.
His analysis found that the most downloaded malware was 'Fakedoc', 2,415 times on a mobile and 5,417 on all devices, which resulted in a 1111,000 of a per cent download rate.
“Quite simply, you are more likely to get hit by lightning than download mobile malware, the data does not support the extraordinary claims,” he said.
“There were no more than 219 and as few as 57 devices connecting to malicious domains a day, so an average of 166 out of the 20-21 million, this is a tiny number.
“Last year we presented here and said that there had to be a measurement and have to see an increase, and we did it and we do believe that mobile malware exists for iOS and Android, but no-one is downloading it. Mobile malware is real but it is not all that it is built up to be, there are plenty of other problems in telephony that need to be resolved.”
In a question and answer panel later on, Traynor was asked about whether iOS or Android was safer, and whether there was malware specifically written for the different platforms, after he said that 'nothing is inherently safe for iOS' and 'you're not safer on iOS than an Android'.
He said: “It is a question that is difficult to answer, what is harmful and what is going on out there? Are iOS users more sophisticated – it is not true. From the network behaviour I have seen, they are no different from anyone else, but I see that no one is being infected anyway.”
A comment was made if it was time to create something before there was something to steal. Traynor said that attackers will write something that will be spotted, and asked whether this is mobile malware at all, calling it a 'moral grey area'.