However, these same consumers have not yet become comfortable with storing their card data in mobile apps. Concern about security of the apps has greatly limited their uptake.

The survey contacted 2,000 adults in the UK, and found that only 14% of them are making mobile purchases using card data stored in their phone.

Almost one third of the respondents who don’t use apps to purchase stated that they are worried about the possibility that their personal details might be stolen.

Mobile and tablet based transactions are expected to exceed 70 billion this year. Consumers cite convenience and speed as major factors for using mobile. As concerns about security diminish, the industry is expecting mobile transactions to grow rapidly, with projections of almost 200 billion by 2019.

Spiros Theodossiou, VP product management at Skrill said, “Over time, consumers have become comfortable paying for goods online… However, they are still on a journey to accepting in-app purchasing as a regular channel for buying goods and services.”

“With significant developments including major wearable technology announcements, public transport going contactless and some major players coming into mobile payments, the way we pay is changing. For this to occur, businesses will need to demonstrate the ease of use these apps offer in order to reassure users that they offer a safe way to pay and guide them along this new payment trend as it grows in popularity.”

The effected apps have been downloaded between two and nine million times, according to Google Play statistics – although not all of these downloads will be the malware-infected versions.

BadNews is reportedly able to trigger application download prompts and display fake messages, and is also capable of leaking the user’s phone number and device identifiers.

With millions at risk of serious security breaches, Android users are advised to check permissions in app settings and only download from trusted developers.

Subsequently Google, developer of the Android OS, publicly stated at a security conference that “it had no evidence that BadNews was playing a part in the distribution of SMS-borne frauds”, adding “we haven’t seen a single instance of abusive SMS applications being downloaded as a result of BadNews”.

The BadNews malware infestation was initially reported by mobile security company Lookout, and they still maintain that this is in fact malware.

Jeremy Linden, security product manager at LookOut recently was quoted by The Register as saying, “Our analysis confirms that BadNews does prompt the user to install a malware application,” but that it was written “to avoid detection”. This means that the malware generally stays inactive, but becomes active for only a few minutes at a time to make it harder to detect.

He continued, “There’s a high possibility that Google hasn’t seen it sending malware. We have systems that act like they’re infected clients, so they can sit on the malware networks and log malicious traffic. We are still seeing traffic from BadNews and we’re seeing an evolution of the code base.”

It seems freedom comes at a cost: while proponents of Android praise its openness, it’s this same quality that makes it easier for developers to insert malware within their apps. By contrast, iOS apps are manually tested by Apple before they make it into the app store to ensure they’re stable and virus-free.

Until Google Play decide to bring in some form of testing and approval, it seems Android users may be at greater risk. ]]>