«
»

Mobile Malware “Study”: Not News

SMobile Systems put out a press release this week, with the headline “One in 63 Smartphones Infected by Mobile Spyware and Malware”. Unfortunately this headline is grossly misleading, and it has therefore been the cause of a lot of inaccurate reports.

It’s striking that SMobile Systems have chosen not to publish any of the supporting data from this “study”. I believe this is because, when the actual data is examined, the accurate conclusion is malware or spyware found in only 31 infected smartphones, most of them obsolete, which would, of course, be of no interest to any news media.

SMobile Systems have told me that the 1,958 smartphones examined are all registered with their malware detection service. Any statistician will tell you that to draw conclusions from a small sample, that sample must be randomly selected from the total population, not self-selected. The “one in 63” conclusion is thus completely invalid (obviously someone who does have malware on their phone is far more likely to subscribe to a malware removal service than someone who does not).

I have also been told that the vast majority of the infections they are detecting are Flocker. That can only infect phones with pre-2006 versions of Symbian OS and S60. All MOAP phones, UIQ phones and S60 3rd and 5th edition phones are completely unaffected by it. As we know, there has been malware on older versions of Symbian OS, but that’s precisely why we introduced platform security in 2006, and that’s still doing it’s job very well, thank you.

This entry was posted on Fri, 31 Jul 2009 at 4:10 pm and is filed under Malware. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

7 Responses to “Mobile Malware “Study”: Not News”

  1. craig Says:
    Fri, 31 Jul 2009 at 4:47 pm | Reply

    i’m glad you made that statement b/c i’m fed up of all these security services scare mongering to boost sales in their sector.
    I will say what i’ve been saying all long, as long as your not getting devcerts of dodgey chinese sites to install apps that are not symbian certified then 99.99999% of people will never ever get any problem with such things

  2. Mobile Phone Development » Blog Archive » What is Malware? Says:
    Sat, 01 Aug 2009 at 9:22 am | Reply

    […] 1 Aug: Symbian Foundation has done some research on this and it turns out the malware SMobile found is very old and only on pre-2006 […]

  3. Symbian Speaks Out Against Smobile Study | Symbian-Guru.com Says:
    Sun, 02 Aug 2009 at 1:14 pm | Reply

    […] H, from the Symbian Foundation Security Blog, also noticed this bit of misleading information, and posted his rebuttal here. The Register also did a bit of digging and […]

  4. Mobile malware “study” not news « Symbian Blog Says:
    Sun, 02 Aug 2009 at 8:17 pm | Reply

    […] probably be more popular but not proud. Colleague Craig Heath posted a brief explanation on the Symbian Security Blog. This entry was written by Anatolie Papas, posted on August 2, 2009 at 8:16 PM, filed under Links […]

  5. Tyrone Peterson Says:
    Thu, 13 Aug 2009 at 3:48 pm | Reply

    Very useful information, always good to learn more.

  6. Worry Less About Malware, More About Losing Your Phone « Symbian Foundation Security Blog Says:
    Fri, 25 Sep 2009 at 1:48 pm | Reply

    […] Group to see if we can publish some; still, I’m personally convinced it’s nowhere near “1 in 63″! Statistics on the theft of phones are easier to come by. In the UK, a 2009 report published by a […]

Leave a reply to Worry Less About Malware, More About Losing Your Phone « Symbian Foundation Security Blog Cancel reply