“Gartner Listed - mobile application security guide”

November 29, 2016

Android malware

Android app security testing has taken on greater challenges as mobile technology has moved forward. Human error, the key element in successful cyber attacks, is leaving users' devices without any security measures. According to a recent study, more than one third of mobile users do nothing to keep their devices secure. This is why recent years have seen a considerable increase in the development of mobile malware.

The fragmentation of Android devices has created more problems for Android app security than exist on devices running iOS. Let us look at some of the most malicious and most recent malware discovered on Android devices all over the world.


HummingBad

Developed by a famous Chinese advertising agency known as Yingmob, HummingBad tricks users into clicking advertisements, generating revenue for the agency. Though the ad agency has not yet used it for anything other than revenue-generating ads, it is able to perform a range of malicious activities, such as stealing bank login details.


Stagefright

Stagefright is viewed as perhaps the biggest threat to Android app security and to mobile security in general. Now the bug is back for a third time. Because it enters a tablet or phone so easily and does not require the victim's involvement to infect the device, it is more dangerous than other malware types.

The most recent version of Stagefright has been named Metaphor, and it can take over your mobile device in as little as 15 minutes. Approximately one billion devices worldwide have the Stagefright vulnerability. Metaphor infects a system when the victim receives a message that contains a link to a video which crashes the media player and restarts the phone.

Ghost Push

Another recent threat to Android app security, this malware has been around for two years. It mostly enters devices through third-party apps and suspicious links, but recently it has been found making its way through apps on the Google Play Store. Once it enters a system, it disguises itself as a built-in app and tricks the device into following its instructions. It can then take control of the device, display advertisements and load unsuitable content.

Devices with Android 6.0 Marshmallow and above are not affected by Ghost Push, but even then half of Android devices are still prone to this malware because they run outdated Android versions, which makes Android app security testing for this issue problematic.

Codified Security is here to help make your mobile app secure whether it’s for iOS, Android app security testing, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.