Android Remains Main Target For Mobile Malware Writers Despite iOS Having More Vulnerabilities, Says Symantec

Mobile malware remains a small and nascent issue, especially when compared to the scale of threats crowding around desktop OSes, but the threat that is out there continues to mostly affect Google’s Android platform. This despite Apple’s iOS technically having more vulnerabilities, according to a new report by security software firm Symantec. The difference in threat level is a natural consequence of the two differing mobile ecosystem approaches: Apple’s walled garden vs Android’s open playground.
Symantec identified just 108 new unique threats to all mobile platforms in 2012, 103 of which targeted the Android platform vs one targeting iOS. Symbian was second after Android, with three unique threats identified, while Windows Mobile had one. But when looking at platform vulnerabilities Symantec said there were 387 documented vulnerabilities for iOS vs just 13 for Android. Elsewhere, BlackBerry also had 13, and Windows Mobile had two.
The root cause of the (small) threat level for Android is typically downloads from third party app stores (i.e. not Google Play) or users directly side-loading apps — something the Android platform allows, via a user-enabled setting, while iOS users wanting to sideload apps or use third party app stores have to jailbreak their device. It’s that open vs closed approach that explains the differing threat level, says Symantec, noting: “Android users are vulnerable to a whole host of threats; however, very few have utilized vulnerabilities to spread threats.”
Symantec does flag up one example in its report of “rogue software masquerading as popular games on the Google Play market, having bypassed Google’s automated screening process” last year. But clearly the vast majority of Android malware lands on devices via the unofficial routes cited above.
In terms of location, Android threats are ”more commonly” found in Eastern Europe and Asia, according to the report. China has a thriving market of Android-based devices that dispense with Google’s Play store, which likely explains some of the Asian distribution of Android threats.
Another security issue affecting Android is platform fragmentation, with multiple older versions of the OS potentially creating a risk, says Symantec, along with carrier additions and Android skins — since these can delay the progress of OS updates. So while Google has made changes to Android 4.x to help bolster security, the vast majority of users (circa 90% last year) are stuck using older versions of the platform.
Symantec notes security-focused tweaks made by Google in Android 4.x include adding a feature to allow users to block any particular app from pushing notifications into the status bar (to combat adware); and in Android 4.2 adding a feature to prompt the user to confirm sending a premium text (to combat premium SMS threats).
As you’d expect, Symantec is predicting continued growth in levels of mobile malware this year, as tablet and smartphone use continues to grow and attract more malware writers. Specifically it is expecting to see “ransomware and drive-by website infections on these new platforms in the coming year”.
Security companies been charting ‘rising levels of mobile malware’ for years but overall relative threat levels remain low. Still, Symantec said 2012 saw a 58 per cent increase in mobile malware vs 2011, and said the year’s total accounts for 59 per cent of all mobile malware discovered to-date — so while the threat is still small it is now more than doubling year-on-year.