Skip to navigation
Latest News

Antivirus firms "misreporting" mobile malware


By Stewart Mitchell

Posted on 17 Jul 2012 at 09:05

Antivirus firms are overstating the scale of mobile malware, according to a network-level mobile security firm.

Security vendors have claimed that the number of malware variants they see is growing at an alarming rate. In May, one security vendor reported the number of threats had grown by 1,200% in one quarter - although there is plenty of scepticism surrounding the motives for such high estimates, with one Google executive last year branding the industry as "charlatans".

"When it comes to Android malware, we see a different story," said Ciaran Bradley at AdaptiveMobile, whose software runs on mobile operators’ systems to block malware before it reaches users. "We’re not denying that mobile malware isn’t out there, but we don’t see it spreading in the same way that traditional PC antivirus vendors are suggesting."

According to Bradley, the problem is exaggerated when using figures that include every new variant, with crime gangs able to create thousands of samples in a week.

We’re not seeing the levels of infection that would correspond with the number of samples that are out there

"I can’t go into specifics because our clients wouldn’t be happy, but we’re not seeing the levels of infection that would correspond with the number of samples that are out there," he told PC Pro. "It would be better if the industry talked about the number of infected devices. When the different antivirus companies are talking about samples, it doesn’t really help."

Irrelevant samples

Bradley said that the majority of malware samples would never be a threat to most users. "You need to think about where people might get those samples," he said. "If you start plotting families [of malware], that’s more useful, especially in China and Russia – with Russia there are people creating new variants every day and if people are collecting samples of all of them it can skew the numbers.

“With China there’s no official [app] market so there are fake app stores that spring up and they’re not protected or policed in the same way that the official Google Play is," Bradley said. “If they’re getting the sample from there and file-sharing sites, there’s probably not much chance of most people getting them in real life.”

Bradley said the situation was improving, with companies like Sophos releasing figures of actual infections and the most common variants. Even then, Sophos admitted its sample size was “relatively small, as our free Android antivirus (which reported the stats back to us) has only been out for a couple of months”.

Best estimates?

In a May press release reporting the 1,200% increase claim, McAfee pointed out that much of the increase was down to new ways of testing, but the majority of the headlines predictably focused on the big number.

McAfee admitted it was difficult to assess the levels of malware because there was no real benchmark. "Objectives for the security industry are generally one of the hardest things to find," said Raj Samani, CTO for McAfee EMEA. "The actual number of malware infections, for example, is almost impossible to measure."

Samani said the need to warn companies and individuals of the potential threat justified the figures used by the industry. "As an industry, the publication of such statistics is imperative to provide trending with regards to the scale of the issue, and of course they are objective," he said.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments


Anybody using % figures just to arrive at an impressive looking (i.e. big) number should be ignored as a matter of course. "A twelve-fold increase" would be a more natural way of putting it, but of course spotty sub-editors think 1200 is a 'better' number than 12.

By martindaler on 17 Jul 2012

Rooting software labelled as malware

I tried to download a well known and highly regarded rooting application for an Android phone. My corporate Trend OfficeScan blocked it and labelled it as malware. I had to root the phone manually using ADB shell commands. [Thankfully, ADB was not blocked!]

By Paul_Jackson on 19 Jul 2012

Leave a comment

You need to Login or Register to comment.



Most Commented News Stories
Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing


Sponsored Links

Your email:

Your password:

remember me


Hitwise Top 10 Website 2010

PCPro-Computing in the Real World Printed from

Register to receive our regular email newsletter at

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.