Smartphone malware evolution revisited: Android next target?

Smartphones started being targets for malware in June 2004 while malware count increased steadily until the in- troduction of a mandatory application signing mechanism for Symbian OS in 2006. From this point on, only few news could be read on this topic. Even despite of new emerg- ing smartphone platforms, e.g. Android and iPhone, mal- ware writers seemed to lose interest in writing malware for smartphones giving users an inappropriate feeling of safety. In this paper, we revisit smartphone malware evolution for completing the appearance list until end of 2008. For contributing to smartphone malware research, we continue this list by adding descriptions on possible techniques for creating the first malware(s) for Android platform1. Our ap- proach involves usage of undocumented Android functions enabling us to execute native Linux application even on re- tail Android devices. This can be exploited to create mali- cious Linux applications and daemons using various meth- ods to attack a device. In this manner, we also show that it is possible to bypass the Android permission system by using native Linux applications.