It’s no secret that Android is definitely the most popular mobile OS for malware. Last year it was found that 96% of all mobile malware was made for Android, and up to 30% of all Android devices are infected in one way or another.
Most of these infections are looking to steal users data (usually contact details or geolocation) or to act as adware. Also on that list are the more traditional premium texting or premium calling malware that we’ve had on mobile phones for years now. It’s also true that in the vast majority of cases, these infections don’t actually do a great deal of damage in the grand scheme of things.
That’s not to say that Malware isn’t a problem, but compared to desktop OSs, it’s still a small piece of the puzzle.
Symantec recently released a report saying that Android remains the biggest platform for mobile malware, despite it not having nearly as many vulnerabilities as iOS does. What’s the difference? Well, Symantec say that they have found 13 vulnerabilities in Android, which isn’t great, but iOS? 387. Yes, you read that right, 387 vulnerabilities on Apple’s premium mobile operating system. Now they haven’t specified what these vulnerabilities actually allow a potential hacker to do, but having that number of weak points in an OS is somewhat scary.
On the other side of things, they also report finding 108 new and unique threats (rather than just counting in existing threats) for mobile platforms in 2012. 103 of those were aimed at Android, Symbian had 3, with Windows Phone and iOS each sharing one each to make up the total. So clearly, despite Android being the more secure OS, it is still the heavy preferred option for those creating malware.
The main reason for this is probably partially a numbers game, after all Android is the market leader in terms of sheer number of active devices, then factoring in the openness of the system (which allows sideloading and 3rd party app stores) and finally the fact that whilst Android versions past 4 have had a great number of security improvements, the vast majority of Android devices don’t currently have access to them.
Additions by manufacturers are also creating security problems, for example the security exploit that appeared on Samsung’s platform in 2012. They did fix it pretty sharpish, but it was still there, and it wasn’t something that the Google team did that caused it.
Overall in the mobile malware world, we’re looking at increasing growth in mobile malware across the board.
As the graph shows, since the start of 2011 we’ve seen a massive rise in the amount of of mobile malware, with everything looking to increase as the mobile world only grows larger. Symantec reckon the two biggest threats are going to be “ransomware” and “drive-by infections from websites”.
The mobile world is changing, but in some ways it’s mirroring the rise of the PC before it. A massive spurt of growth that is then slowly being caught up with by the problems that come with rapid expansion and adoption. Whereas at first you can leave behind the negative aspects of it through sheer forward momentum, they will eventually catch you, and that’s what’s happening now in the mobile world.
So as an app developer, how can you help slow this curve? Well, by developing solidly designed, well coded apps that don’t leave any doors open for hackers or malware to in behind the walls.