::Trend Micro Threat Resource Center::

25 May 2015

Experts bust Android security myths



Thanks to its inherent "openness," the open source Android OS is vulnerable to a variety of security risks, but how often do people you know actually fall victim to Android malware or other attacks?

Is the Android security risk overstated? Is the Android risk really greater than the risks posed by its iOS and Windows Mobile counterparts? And what can users, and the enterprise IT departments that support them, do to better protect their Android devices?

We put these questions, and more, to a variety of mobile security experts from companies including Cisco, Dell and Lookout. Here's what they had to say:

Android security threat is real 
Android malware that affected U.S. users increased by 75 percent from 2013 to 2014, according to security firm Lookout's "2014 Mobile Threat Report."

"That's a significant jump, predominantly driven by an increase in ransomware, a nasty form of malware that locks a person's device and demands money in exchange for reinstated access," says Michael Bentley, Lookout's senior manager of security research and response.

Android devices were the targets of 97 percent of all mobile malware in 2014, according to Pulse Secure's "2015 Mobile Threat Report." And the Android security risk level "increased substantially year-over-year," says Troy Vennon, director of Pulse Secure's Mobile Threat Center. In 2012, there were 238 specific Android malware threat "families," and that number jumped to 804 in 2013 and 1,268 in 2014, according to Vennon.

At least 15 million mobile devices were infected with malware in September 2014, according to a report from Alcatel-Lucent's Kindsight Security Labs. Of those devices, 60 percent were Android smartphones and about 40 percent were Windows PCs that connected to the Web via mobile networks. Windows Mobile, iOS, BlackBerry and Symbian devices represented less than 1 percent of mobile malware infestations.

Symantec's 2015 "Internet Security Threat Report" says 17 percent of all Android apps (nearly a million) are malware in disguise. In comparison, Symantec uncovered approximately 700,000 Android malware apps in 2013.

Android more vulnerable than iOS, Windows Mobile
Android is more vulnerable than iOS because of its OS fragmentation, according to Geoff Sanders, cofounder and CEO of LaunchKey.

"Even when Google releases a security patch, it's ultimately up to the [device] manufacturer to provide this patch to end users," Sanders says. "This puts many more users at risk as their devices age."

The overall risk level for Android is also higher because it's the most popular mobile OS, according to Bojan Simic, CTO of HYPR Corp.

Apple deploys iOS only on its own devices, so the company has "far better control and knowledge of risk," Simic says. Apple's app verification system is also significantly more rigorous than Google's process in the Play store, and it results in less malware, according to Simic.

Windows Mobile users are safer due to the rule of "security by obscurity," Simic says. "Most hackers will direct their efforts where the biggest payoff is, and right now that target is Android due to its sheer amount of users."

Android security threat is real but 'overblown'
The mobile security threat exists, but it is "overblown," according to new research from Damballa. For its spring 2015 report, the company monitored about 50 percent of U.S. mobile traffic (including but not limited to Android). Damballa concluded that mobile users are 1.3 times more likely to be struck by lightning than to have their mobile devices compromised by malware.

"This research shows that mobile malware in the United States is very much like Ebola -- harmful, but greatly over exaggerated, and contained to a limited percentage of the population that is engaging in behavior that puts them at risk for infection," said Charles Lever, a Damballa senior scientific researcher, in a press release on the company's website.

Mark Hammond, senior manager for Cisco Security Solutions, agrees the Android threat has been greatly exaggerated. "The threat of Android malware is also directly associated with the source. If the average user is sticking with a well-regulated app store, like Google Play, then the risk of malware diminishes significantly."

The mobile malware threat is "really minimal," according to John Gunn, vice president of VASCO Data Security. While many people have some sort of malware on their computers, "few know anyone who has had malware on their mobile device," he says.

Verizon's 2015 "Data Breach Investigations Report" also concluded that "mobile threats are overblown," and "the overall number of exploited security vulnerabilities across all mobile platforms is negligible."

The risk of malware making its way into a native Android app is lower than ever thanks to Google's automated scanning and other new security improvements, according to Terry May, an Android developer with Detroit Labs. Google "reinforced the Android sandbox with SELinux and enhancements to the Google Play services library that can scan for vulnerabilities on the local device and not just the apps in the store," May says. "This means that even apps that have been side-loaded can be scanned."

Less than 1 percent of Android devices had a potentially harmful app (PHA) installed in 2014, and the number of PHAs on Android devices dropped by 50 percent between the first and fourth quarters of last year, according to a Google Online Security Blog post published by Android security lead engineer Adrian Ludwig in April 2015. Less than 0.15 percent of devices that only installed apps from Google Play had a PHA installed last year, Ludwig wrote.

The bottom line is that malware attacks "are increasing because users are spending more time on mobile devices than ever before, the value of the data on mobile keeps increasing, and a single OS (Android) dominates the market, increasing the footprint for attackers," says Domingo Guerra, president and cofounder of Appthority.

However, mobile malware isn't necessarily more prevalent. "Although the number of mobile malware apps is definitely booming, so is the number of good and benign apps," Guerra says.