Do we really have to worry about security for our mobile devices?

After recently automatically renewing the internet security package for my PC, I was hit by an old style virus that required a full scan and clean up of my PC system. It did occur to me that it was a happy coincidence timing wise as I was thinking about the expense relative to the reduced use of the PC in our household and the ever increase in mobile devices. The two leading internet security provides – Symantec and McAfee – do also provide limited protection for your mobile devices as part of their main security package although the cost of the pure mobile offerings are cheaper.

It did get me thinking about security on mobile devices. I just assumed that as most mobiles use apps that are vetted by their respective platform providers the exposure to viruses and malware was not as prevalent. A recent article from Fortune on a mobile security company called Lookout, which provides a free mobile security app, provided some interesting statistics on the possibility of encountering at least one security threat over a 7 day period by country (data collected from January to May 2013), as reproduced below.

click to enlarge

Another start-up in the mobile security space, Bluebox, claimed to have found vulnerability in Android’s security model that allows a hacker to modify code without breaking an application’s cryptographic signature and thereby a hacker could potentially turn any legitimate application into a malicious Trojan. Of course, it’s in a mobile security company’s interest to hype up the danger. There are many companies with products in this market – besides those already mentioned; there are Avast, F-Secure, Kaspersky, Webroot and TrustGo, to name but a few.

Researchers from Northwestern University and North Carolina State University published a paper in March 2013 entitled “Evaluating Android Anti-malware against Transformation Attacks” and concluded that none of the ten commercially available tools tested were resistant against common malware transformation techniques. They also concluded that “a majority of them can be trivially defeated by applying slight transformation over known malware with little effort for malware authors”.

Last week, ABI Research predicted that the mobile encryption alone, including both software and services, is expected by the firm to hit $230 million by the end of 2013. The press release stated “In its report, ABI calls out device manufacturers and mobile providers for their slow adoption of security software. The firm predicts that much of the segment’s growth will be pushed by security and mobile device management companies in the short-term.”

From the point of view of a user, and somebody who knows nothing about the technicalities of the sector, I just hope that my current PC internet security provider, one of the big two internet security software names, package my mobile needs into my already too expensive (and getting less relevant every day) PC package.