Google has fought the mobile war against Nokia Oyj, Apple, and Microsoft (among others) and it has won -- at least in terms of OS market share.
Almost No Android Malware in the U.S.; a Whole Lot in China
Roughly four out of every five devices sold around the globe today run a version of Android. And Android is now the world's largest tablet platform as well, in terms of unit share.
But Android also has a massive malware headache. A new report from Finnish security firm F-Secure claims 97 percent of the fast-growing field of mobile malware is Android exclusive. But here comes the twist -- virtually all of that malware comes from smaller Asian and Middle Eastern third-party app stores.
On the official Google Play app and media store's apps section, only 1 in 1,000 apps was found to be classed as malware. That's slightly higher than other platforms like Microsoft's Windows Phone Store and Apple's iOS App Store, but it's not that much higher. Normalizing for market share, and it appears Google's official offerings are no less secure than Apple's or Microsoft's -- a pretty impressive feat given that its market share is nearing almost-monopoly proportions.
Amazon.com Appstore -- a popular third-party app store -- was not examined, but it is also thought to be fairly secure. So that means that the Android Americans know and love is probably about as secure as Windows Phone or iOS.
App Store Country Restrictions, Lack of Content, Developer Support Add to Problem
But the story becomes wildly different when you go overseas to Asia.
One third-party app store -- Android159 (it exists, but we're not sure of its location) -- had roughly 33.3 percent of its apps outed as pirated copies of Google Play apps rebundled to contain malware. But many other larger regional third-party app stores had somewhat lower, but still alarming high malware rates.
Baidu.com app portal -- one of the most used third party app stores in China -- had an 8 percent rate of malware. That means more than 1 in every 13 Android apps from Baidu is malicious and dangerous. Two of China's fastest growing app stores -- AnZhi (5 percent malware rate) and Mumayi (6 percent malware rate) -- were also very dangerous. Other Chinese app stores (liqucn -- 8 percent rate, eoeMarket -- 7 percent, StarAndroid -- 6 percent, appkke -- 7 percent rate, and angeeks -- 8 percent rate) are also peddlers of pestilence in the mobile space. The bottom line here is that most Chinese customers have a more than 1 in 20 chance of downloading a malicious app.
It's no coincidence that many of the app stores in question come from China. Not only does China have the world's biggest population of smartphone users, Google also does not allow its users official access to paid apps [source] -- a pretty sizeable snub. Only a handful of other countries -- e.g. Iran and Syria -- are exiled from app access, and in those cases the exile is often at the orders of the U.S. government. China is a special case perhaps because of its rocky relationship with Google (which has remained silent on the cause of the snub).
For Chinese users perhaps the safest option is to get a repackaged version of the Play Store with a spoofed country code (if they can find a safe one). This approach is fairly popular and accounts for roughly 6 percent of app downloads in China. That's pretty impressive, given no official support is coming from Google. But it's also worrisome considering that 94+ percent of Chinese users are grabbing apps from insecure sources.
A secondary issue is that while Google's Play Store is (relatively) secure, its regional support doesn't make certain kinds of content available.
For example in Japan you can get TV shows on the Play Store, but you can't get music. In Germany you can get Music from the Play Store, but no TV shows. Google offers virtually no support to developers in African nations, and many African nations only have access to the basic app store, no media content. You can download movies off the Play Store in Brazil, but go to Argentina and Google won't let you download them. And Brazil and Argentina both lack Google developer support.
Lack of support drives developers to make native language apps available at third-party app stores, as does lack of content. And almost as a rule these app stores have more than 1 in 20 apps be a pirated app bundled with nasty malware surprises.