Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Report: 99 Percent of New Mobile Threats Target Android

Soulskill posted about 5 months ago | from the not-the-market-share-you-want dept.

Android 269

MojoKid writes: "Google's open source Android platform has the distinction of being the most popular mobile operating system in the world. That's great in terms of dominating the market and reaping the rewards that come with it, but it's also for that very reason that Android finds itself the target of virtually every new mobile malware threat that emerges. According to data published in F-Secure's latest Mobile Threat Report (PDF), over 99 percent of the new mobile threats it discovered in the first quarter of 2014 targeted Android users. To be fair, we're not taking about hundreds of thousands, tens of thousands, or thousands of malware threats — F-Secure detected 277 new threat families, of which 275 honed in on Android."

cancel ×

269 comments

Sorry! There are no comments related to the filter you selected.

secure from what? (0)

Anonymous Coward | about 5 months ago | (#46884333)

fwiw, the NSA has owned all platforms, so it's not like iOS is invincible. For a long tim i've maintained that it's not correct to refer to things as "secure." more precisely, you have to specify secure from what? iOS may by secure from credit card hackers but insecure to government spy agencies. meanwhile, Android is as secure as an umbrella made of lace blocks the rain.

Re:secure from what? (1, Interesting)

binarylarry (1338699) | about 5 months ago | (#46884469)

This is probably worse for iOS than being insecure.

Their marketshare has fallen so far it's not worth targeting them any more.

Re:secure from what? (5, Funny)

Anonymous Coward | about 5 months ago | (#46884605)

This is probably worse for iOS than being insecure.

Their marketshare has fallen so far it's not worth targeting them any more.

Speaking as an iOS user, I'm perfectly fine with you Android users getting all of the malware love. No really... you can keep all of it... I don't want any!

Re:secure from what? (1)

cheesybagel (670288) | about 5 months ago | (#46884831)

A lot of the malware exists because people can sideload apps. I would rather continue being able to sideload apps that I developed myself rather than pay Apple for the privilege of running my own code on my own device.

Re:secure from what? (1)

exomondo (1725132) | about 5 months ago | (#46884983)

I would rather continue being able to sideload apps that I developed myself rather than pay Apple for the privilege of running my own code on my own device.

Personally I'm not that fussed about it, I can either jailbreak my device or shell out $99 (which includes the ability to publish and share my software with others) if I really want to do that. Either way it's no big deal.

Malware for Android is no different from malware for Windows or for OS X, the bulk of it is due to being able to run any code you want (where unless you wrote it you probably don't know what it does) and most people will just click through warnings about unsigned code, virtually none will ever vet any code ever. If you take the precautions to only run binaries from reputable sources or to compile from source yourself (nobody does that outside of a few geeks) from a reputable repo then you should be ok...but then again the heartbleed bug shows that isn't the case all the time either.

The flip side of that is that on iOS you place all your trust in Apple to make sure that they vet code properly, by and large they do a pretty good job of that but that isn't to say they couldn't have a major slipup (in the style of goto-fail) in the future. With the freedom to run any code comes the responsibility to vet that code (whether that is the source - as in where it came from - of the binary or the sourcecode itself) and most users are not up to that challenge or just cannot be bothered and so malware persists.

Re:secure from what? (2)

sexconker (1179573) | about 5 months ago | (#46885009)

A lot of the malware exists because people can sideload apps. I would rather continue being able to pirate apps than pay for them.

Fixed that for you, and the vast majority of Slashdotters.

Re:secure from what? (1)

dugancent (2616577) | about 5 months ago | (#46885209)

Android has just over 50% of the US marketshare, hardly "fallen so far".

Re:secure from what? (4, Interesting)

Penguinisto (415985) | about 5 months ago | (#46884571)

fwiw, the NSA has owned all platforms, so it's not like iOS is invincible.

I strongly suspect that it has less to do with any flaws in either OS, than it does in the fact that iPhones get regular updates/patches/etc, whereas the vast majority of Android phones do not.

This is the one thing that Apple really should get props for - they go out of their way to ensure that, within reason, older iPhones get patched/updated along with the newest ones. Meanwhile, all but a relatively tiny fraction of (global) Android users buy models where neither carrier or manufacturer really give a damn if the phones they sell ever see a patch. I mean, seriously - the cheap/low-end Android phones can still be found coming out brand new with 2.2/2.3 installed on the damned things.

Until that paradigm changes, the massive majority of malware and hacks will target the obviously juicy (and mostly obsolete and/or unpatched) Android market.

Re:secure from what? (2)

cheesybagel (670288) | about 5 months ago | (#46884893)

the cheap/low-end Android phones can still be found coming out brand new with 2.2/2.3 installed on the damned things

BS

Re:secure from what? (2)

gnoshi (314933) | about 5 months ago | (#46885215)

the cheap/low-end Android phones can still be found coming out brand new with 2.2/2.3 installed on the damned things

BS

I was surprised, but you're right: when I looked at the pre-paid devices offered by several mobile providers, I didn't find any that were being sold with a pre-4.x OS version. It is no doubt still possible to buy old Android phones with old Android versions, but even cheap devices by Huawei and ZTE are now coming out with Android 4.x

Unfortunately, because manufacturers often provide very poor ongoing support for devices, a large number of devices already in the market will never be updated. In that way, I agree with the parent's parent: Apple can get props (relative to many Android device manufacturers) for providing relatively long term OS/security updates.

Re:secure from what? (1)

AmiMoJo (196126) | about 5 months ago | (#46885149)

Android devices do get regular updates direct from Google via Play, including security fixes. However, since Play is not available in some countries, notably China, those users are reliant on their provider (usually the mobile network operator).

So your statement that the "vast majority" don't get updates is simply wrong, particularly for people in the west and Japan/Korea, but applicable to China. Even so most malware does not rely on security flaws, it simply entices the user to install it (trojan).

As for iOS updates, while technically true that older devices like the iPhone 4 and iPad 2 get them a lot of people find that the loss of performance is crippling so choose not to upgrade. At work all company iPhone 4s are still on iOS 6 because of the poor performance of v7 and some compatibility issues (sorry I don't have details).

Android more insecure than Windows!!! (-1)

Anonymous Coward | about 5 months ago | (#46884339)

All the ppl on this site who complain about Windows being so insecure, any other system is just as insecure, you and your hubris just wont accept reality.

Re:Android more insecure than Windows!!! (1)

Penguinisto (415985) | about 5 months ago | (#46884609)

It ain't inherent security so much as it is inherent refusal to patch on the part of manufacturers and carriers.

It would be like putting up a Redhat 9.1 box with all default settings, giving it a public IP addy, and plugging it in directly to the Internet - sure it was very secure for its time, but unpatched and obsolete, it'll become just another victim.

Until manufacturers and carriers realize this (and stop thinking strictly like a damned CE company), this will continue to be the state of things.

Re:Android more insecure than Windows!!! (1)

mmell (832646) | about 5 months ago | (#46885049)

Actually, I (personally) get it. I run a mix of MS-Win, Linux and Android devices at home, and I consider all to be equally "insecure".

Then again, I consider myself part of the "white noise". I don't surf for kiddie-porn, don't download (excessively large) amounts of copyrighted video and audio content, and I already know how to manufacture explosives (thus not needing an updated version of The Anarchist's Cookbook). I'm actually a law-abiding US citizen - but I'm perfectly happy to function as white noise for those who believe (quite correctly) that governments everywhere should be kept on their toes - and allowed or even hastened to fall if they fail in this requirement.

Not really news... (0)

Anonymous Coward | about 5 months ago | (#46884341)

Malware writers always target the "Big Dog" for market dominance. 10 years ago, 99% was written for Windows for the same reason.

Market Share (5, Funny)

presspass (1770650) | about 5 months ago | (#46884347)

When Apple gets the market share that Android has, you'll see that Apple gets as many attacks as Android does.

They are not much different (0)

Beat The Odds (1109173) | about 5 months ago | (#46884373)

Get real. Android is a little over 50% and Apple (iOS) is a little under 50%.

Re:They are not much different (4, Informative)

MatthiasF (1853064) | about 5 months ago | (#46884417)

Not even close.

Try 78% and 15%, in favor of Android.

http://www.engadget.com/2014/0... [engadget.com]

Re:They are not much different (0)

peragrin (659227) | about 5 months ago | (#46884867)

True but 80% of those android devices have never received one update due to carrier restrictions.

80% of all iOS devices have updates installed within 1 month of the updates release.

Re:They are not much different (0)

Anonymous Coward | about 5 months ago | (#46885025)

And that changes the market share picture how?

Re:They are not much different (1)

cheesybagel (670288) | about 5 months ago | (#46885055)

He's probably one of those Apple fanboys who only compares iOS marketshare in the US in the quarter a new iPhone model comes out.

Re:Market Share (0)

John Bokma (834313) | about 5 months ago | (#46884421)

Yawn: http://www.comscoredatamine.co... [comscoredatamine.com]

Re:Market Share (1, Funny)

MatthiasF (1853064) | about 5 months ago | (#46884477)

The United States is only 4% of the world's population. Look at global statistics, instead of cherry picking your favorite nation.

Re:Market Share (0)

Anubis IV (1279820) | about 5 months ago | (#46884563)

I don't see how your statistic is relevant in the least, given that the entire world is not in the market for smartphones. In the smartphone market, the US still comprises a decently large slice of the pie, particularly at the high end of the market where the more valuable users tend to reside.

Re:Market Share (3, Informative)

amicusNYCL (1538833) | about 5 months ago | (#46884939)

In the smartphone market, the US still comprises a decently large slice of the pie

The US numbers show iOS at 42%, and Android at 51%. The worldwide numbers show iOS at 15.5%, and Android at 78.9%. So, there's your difference. Links stolen from above:

http://www.comscoredatamine.co... [comscoredatamine.com]
http://www.engadget.com/2014/0... [engadget.com]

Those worldwide numbers are from 2013 though, so I expect that iOS would have continued to shrink over the past 4 months, there's no reason it would have gone up.

particularly at the high end of the market where the more valuable users tend to reside.

News flash: there are more high-end smartphones [laptopmag.com] that run Android then there are that run iOS. Welcome to 2012.

Saying that more malware targets Android than does iOS is the same as saying more targets Windows than MacOS. It's a market share issue, again.

Re:Market Share (1)

Anubis IV (1279820) | about 5 months ago | (#46885003)

Oh, market share is certainly a factor, but as I already detailed in another reply [slashdot.org] , I hardly think it's the factor that matters most.

Also, I never suggested iOS outnumbered Android, whether at the high-end or not, nor would I, since I agree with you that that simply isn't the case. Setting aside your straw man, what you'll see is that I suggested that the US' population tends to reside disproportionately at the high-end of the market, relative to the world's smartphone market.

Going back to market share, I wasn't trying to make a point, other than that his statistic was irrelevant. I don't particularly care which platform is "winning", so long as we have some competition going on.

Re:Market Share (1)

cheesybagel (670288) | about 5 months ago | (#46885115)

Most of the cellphone market is smartphones now. Sorry bud.

Re:Market Share (3, Interesting)

John Bokma (834313) | about 5 months ago | (#46884687)

Feel free to provide those. But since it's roughly 50/50 in the USA why aren't the attacks in the USA also not 50/50? Or is the USA of no interest at all to malware writers? (I would say the opposite).

Re:Market Share (1)

mythosaz (572040) | about 5 months ago | (#46884789)

Attacks for Android exist because Android doesn't have as high of walls on its garden.

That said, a US-based malware writer does set the "USA Only" flag when he publishes. He's content to allow it to run in China and India.

Re:Market Share (1)

exomondo (1725132) | about 5 months ago | (#46885021)

But since it's roughly 50/50 in the USA why aren't the attacks in the USA also not 50/50?

Maybe they are. I can't say I have seen any such statistics and I certainly can't understand why malware writers in general would target only a specific geographic area or even how they would limit it to that area.

Re:Market Share (1)

John Bokma (834313) | about 5 months ago | (#46885245)

I can imagine that credit card details of someone living in the USA is more useful than say someone living in Mexico (which I actually do).

Re:Market Share (0)

Anonymous Coward | about 5 months ago | (#46884951)

The United States is far more important than the rest of the world. In fact, foreigners are essentially worthless outside of making cheap goods. Who cares what phone some illiterate sweatshop worker has?

Re:Market Share (1)

Merls the Sneaky (1031058) | about 5 months ago | (#46885127)

"Who cares what phone some illiterate sweatshop worker has?"

People who make malware and want it to spread as far as possible.

Re:Market Share (1)

Mr D from 63 (3395377) | about 5 months ago | (#46884525)

If you look at market share for phones only, you get one thing, if you include tablets and other devices, lots more android.....

Re:Market Share (3, Informative)

John Bokma (834313) | about 5 months ago | (#46884745)

http://tabtimes.com/resources/... [tabtimes.com] begs to differ. Or so it seems... And http://en.wikipedia.org/wiki/U... [wikipedia.org]

Re:Market Share (1)

Mr D from 63 (3395377) | about 5 months ago | (#46884845)

Interesting, that does kind of blow up my assumption. There seems something funny about those numbers in wiki though...can't put my finger on it.

Re:Market Share (1)

John Bokma (834313) | about 5 months ago | (#46884961)

The latter is easy, you can do research and fix the numbers accordingly. I think a lot of Slashdot users are tricked by cognitive bias because they themselves prefer Android over iOS (or the vocal ones do). I have a cyanogenmodded Kindle Fire (1st gen) and an iPad (4th gen) and prefer the latter over the former; to me Android (the cyanogenmod version) looks more ugly, which is also bias, of course. Oh, I am sure I can "fix" it by installing stuff, like I can "fix" Linux distros, but that's exactly what I want to avoid ;-)

Re:Market Share (1)

Mr D from 63 (3395377) | about 5 months ago | (#46885147)

I use Android devices simply due to cost. Wife has Iphone, its nice. No bias here, Android had a lot of ground to make up wrt market share, I just thought they were further along and that tablets, rather than phones, where the place where more share was being taken... I got that backwards.

Kindle is not a good Android representation. I have 3 different Android tablets..they all 'just work'. Never saw any need to pay more cause I got what I need. I did get super frustrated trying to add some free apps to wife's iphone without giving them a credit card number. Had to run through all kinds of hoops. That was a huge turnoff for me, but the phone works fine for the wife...she's happy, I'm happy.

Re:Market Share (1)

John Bokma (834313) | about 5 months ago | (#46885341)

No idea why the Kindle Fire isn't a good representation (I have no problems with it). OK, it probably depends a lot on what you do with it. But Angry Birds and Sky Cups run great on it ;-). As for the credit card, haven't encountered that one. I never needed a credit card to install apps on the iPad; I just bought an Apps or iTunes card in a local shop, entered the code and got credit. I am outside of the USA, so maybe that's the difference? (Also, I use my own email address instead of icloud).

Re:Market Share (1)

amicusNYCL (1538833) | about 5 months ago | (#46885023)

http://tabtimes.com/resources/... [tabtimes.com] begs to differ

You're bad at reading statistics. Your sources show that in Q1 2013, iOS had a market share of 48.2%. Then in Q3 2013, six months later, the market share was 29.6%. That still sounds like lots more Android. Look at that table on the Wikipedia article also. In Q2-Q3 2013, according to units sold or units shipped, iOS was between 14.2% and 18.2%, and Android was between 74.4% and 79%.

Re:Market Share (1)

John Bokma (834313) | about 5 months ago | (#46885223)

Market share and actual use are 2 different figures. From the same page: installed base at the end of 2013 iPad: 51% Android: 40%.

Re:Market Share (1)

amicusNYCL (1538833) | about 5 months ago | (#46885293)

Market share and actual use are 2 different figures.

Yes, I know that. Which of those are we discussing in this thread? Hint: check the thread title.

Re:Market Share (1)

John Bokma (834313) | about 5 months ago | (#46885357)

Yup, and wrt threats install base is way more interesting to look at than market share. So why if the install base is roughly 50 50 (or 60:40 with 60 for iOS) *why* do 99% of the threats target Android.

Re:Market Share (1)

andydread (758754) | about 5 months ago | (#46884699)

yawn http://techcrunch.com/2013/08/... [techcrunch.com]

Re:Market Share (1)

John Bokma (834313) | about 5 months ago | (#46884759)

yawn. In related news: the market share of christmas trees has plummeted significantly. Oh, and if you don't get that, you don't get marketshare (Hint: AUGUST 2013).

Re:Market Share (1, Funny)

amicusNYCL (1538833) | about 5 months ago | (#46885077)

In related news: the market share of christmas trees has plummeted significantly. Oh, and if you don't get that, you don't get marketshare (Hint: AUGUST 2013).

Are you suggesting that the market share of units sold changes for some reason 4 months before Christmas versus the rest of the year? Wouldn't the two OSs be sold in the same percentages both before and after Christmas? The price points aren't so different that something like that would happen.

Also, what is "the market share of Christmas trees"? Which market are you referring to there? In the Christmas tree market, the market share of Christmas trees stays roughly at 100% the entire year. Christmas trees don't have a lot of competition in the Christmas tree market. That's not a very good analogy.

Re:Market Share (1)

John Bokma (834313) | about 5 months ago | (#46884787)

And to help you out a bit more: http://www.theguardian.com/tec... [theguardian.com] aptly titled "Why an 80% market share might only represent half of smartphone users"

Re:Market Share (1)

andydread (758754) | about 5 months ago | (#46884945)

hahaha keep living in your apple bubble. Meanwhile the facts on the ground.....

Re:Market Share (1)

John Bokma (834313) | about 5 months ago | (#46884985)

[citation needed] And FWIW, I own a tablet running Cyanogenmod. Welcome to the real world (TM).

Re:Market Share (0)

Anonymous Coward | about 5 months ago | (#46884453)

Global market share on all platform types (smartphone and tablet) puts Android just above the 50% marker, and iOS just under the 50% marker. In what world does your perspective make any sense?

Re:Market Share (4, Insightful)

BasilBrush (643681) | about 5 months ago | (#46884473)

Of course Apple used to be the market share leader. But Android also had most malware back then too.

It has nothing to do with market share. It's about security. The difference is a single curated market for Apple, vs multiple markets and no curation for Android.

Re:Market Share (1)

Tough Love (215404) | about 5 months ago | (#46884581)

[Citation needed]

Re:Market Share (1)

BasilBrush (643681) | about 5 months ago | (#46884909)

For what?

Re:Market Share (1)

jo_ham (604554) | about 5 months ago | (#46884957)

[Citation needed]

Oh, I don't know. Just pick any random slashdot thread where a security vulnerability in an Apple product is mentioned. Those comments seem to rely pretty heavily on "it's about security, not marketshare" when the tables are reversed.

If it's good for the goose, it's good for the gander.

Re:Market Share (1)

AmiMoJo (196126) | about 5 months ago | (#46884885)

no curation for Android

Untrue. By default you have Play, Google's curated app store. You can install other app stores or side load, but the default is just Play.

With great power comes great responsibility and all that. Besides which Apple's App Store isn't devoid of malware either, it's just a different kind of malware. My girlfriend is Chinese and there are a lot of Chinese apps, presumably not even visible in the western version of the store, that look extremely iffy. They ask you for random personal details, direct you to nasty looking web sites, and have masses of rip-off in-app purchases and pay-to-win scenarios.

Re:Market Share (4, Insightful)

jo_ham (604554) | about 5 months ago | (#46884977)

no curation for Android

Untrue. By default you have Play, Google's curated app store. You can install other app stores or side load, but the default is just Play.

With great power comes great responsibility and all that. Besides which Apple's App Store isn't devoid of malware either, it's just a different kind of malware. My girlfriend is Chinese and there are a lot of Chinese apps, presumably not even visible in the western version of the store, that look extremely iffy. They ask you for random personal details, direct you to nasty looking web sites, and have masses of rip-off in-app purchases and pay-to-win scenarios.

You realise if an Apple user tried to spin that line in a story where 99% of malware was targeted at iOS they would be down modded into the ground, right?

"Here's tangible, documented proof of 99% of malware being on Android, but hey, some Chinese apps on iOS 'look a bit suspicious' so Apple is bad too!"

Laughable. Truly laughable.

Re:Market Share (4, Informative)

Anubis IV (1279820) | about 5 months ago | (#46884547)

I keep seeing this line trotted out, but it only serves to distract from the real issue.

What I've seen time and again from these reports over the last year is that it isn't about Android vs. iOS: it's about app stores. The Google Play store, for instance, has been the source of very few malware incidents (i.e. something like 2-3% of the total). Most of the malware hitting Android is coming from third-party stores that are of questionable trustworthiness. As always, users should be advised to only install software from sources they trust. If iOS allowed users to install from third-party stores without jailbreaking, we'd be seeing the same problems on iOS, regardless of their current marketshare or lack thereof (besides which, marketshare is a measure that shouldn't be used in isolation when assessing the worth of a platform's users to developers, including malware developers).

So, please, stop painting this as an iOS vs. Android thing. Regardless of platform, the users being affected by this stuff, in general, are those grabbing apps from untrustworthy sources. Focus your attention there.

Re:Market Share (1)

ArcadeMan (2766669) | about 5 months ago | (#46884641)

Indeed, putting all problems into the "malware" category just confuses the issues.

Viruses are the real problem, because even the most secure OS in the world cannot protect its users against trojans. "Enter my password to see the dancing kitty? Of course I will!"

Re:Market Share (0)

ashpool7 (18172) | about 5 months ago | (#46884653)

So, the iOS solution is to not _let_ users install apps from untrustworthy sources.

Android doesn't have a solution... so... there's that.

How is that not an iOS vs Android issue?

Re:Market Share (2)

Anubis IV (1279820) | about 5 months ago | (#46884701)

You're right. The way I should have phrased that is that it isn't about the security of the OSes themselves or their relative market shares, it's about the security of the stores from which the OSes procure their apps.

That said, I'd be careful in how you refer to them. This isn't an OS issue, per se, so much as this is a platform or ecosystem issue. We're not talking about inherent weaknesses in the OSes themselves; we're talking about weaknesses in other parts of the ecosystem that can affect the OS.

Re:Market Share (1)

Savage-Rabbit (308260) | about 5 months ago | (#46884919)

So, the iOS solution is to not _let_ users install apps from untrustworthy sources.

Android doesn't have a solution... so... there's that.

How is that not an iOS vs Android issue?

Because it's an App store problem. Google Play store and Amazon probably do a pretty good job on security but dozens of others do not. Both OS'es are more or less equally vulnerable and if Apple allowed every Tom, Dick and Harry to sell iOS apps with zero effort to assure that they are selling malware free software Apple would have the exact same malware problem that Google does with Android. Whatever else iTunes may be, as far as malware is concerned, iTunes seems to be a quite trustworthy source. To distill his comment into a single sentence for the catchphrase loving 2/3s of the /. reading public: "When it comes to making life hard for malware authors, walled gardens have their advantages." I'm sure that like your self very few people here agree with that statement so if you'll excuse me, I'm going to pop into the locker room now to don my fire resistant suit.

Re:Market Share (1)

digitalPhant0m (1424687) | about 5 months ago | (#46884655)

So, please, stop painting this as an iOS vs. Android thing

But then what fun would there be to have?

Re:Market Share (0)

Anonymous Coward | about 5 months ago | (#46884673)

Which begs the question, shouldn't there be an easy way to prevent Android users from downloading apps from questionable stores? Shouldn't this be the default and the owner would need to explicitly go in and enable access to those questionable stores?

The users are to blame, certainly, but by not forcing users into a safe sandbox to live in, that they have to explicitly turn off to access questionable material, means the design itself is to blame as well.

Still the fact that you can go out now and buy a brand new phone, not old stock, with an outdated OS that will never be updated to the current OS by the manufacturer/vendor/carrier yields a certain ridiculousness to anyone making a statement that Android is inherently secure and it's all the user's fault. I can run a Windows 98 system and it'll be perfectly secure in standalone (never connect removable media, network, etc. to it) form, but how long will it stay secure after its connected to the internet?

Re:Market Share (0)

Anonymous Coward | about 5 months ago | (#46885125)

ummmmm, you are aware that android disallows installation of apps from third party sources by default, right? To be able to do it, the user must go into settings, then go into developer options (which is actually hidden as of 4.3) and select to install third party, and then agree to the warning it displays. How is that not something they have to explicitly turn off to access questionable materials?

Re:Market Share (3, Interesting)

tlhIngan (30335) | about 5 months ago | (#46884689)

What I've seen time and again from these reports over the last year is that it isn't about Android vs. iOS: it's about app stores. The Google Play store, for instance, has been the source of very few malware incidents (i.e. something like 2-3% of the total). Most of the malware hitting Android is coming from third-party stores that are of questionable trustworthiness. As always, users should be advised to only install software from sources they trust. If iOS allowed users to install from third-party stores without jailbreaking, we'd be seeing the same problems on iOS, regardless of their current marketshare or lack thereof (besides which, marketshare is a measure that shouldn't be used in isolation when assessing the worth of a platform's users to developers, including malware developers).

So, please, stop painting this as an iOS vs. Android thing. Regardless of platform, the users being affected by this stuff, in general, are those grabbing apps from untrustworthy sources. Focus your attention there.

The problem is, Google Play isn't available in a lot of places where Android is. Say China, for example.

China's especially touching because the Chinese app stores are complete rubbish - full of pirated apps and Trojans and other crap.

But even in North America or Europe, sticking with Google Play is limiting, because there are tons of legit app stores as well. Say, Humble Bundle or Amazon. But the problem is the checkbox is all or nothing - either you only use Google Play, or you allow everything.

The problem with "let the user decide" is it ignores the ultimate reality of security - Dancing Pigs [wikipedia.org] . Basically a user cannot be trusted with their own security - they will always choose the least secure path if it gets them what they want. So if their friend shows them a new app they have to install manually, well, they'll do it.

Hell, even on iOS jailbroken users get broken into constantly. Because they install OpenSSH, usually because some HOWTO said to install it. There have been many iOS worms and Trojans that exploit the fact that if you can SSH into an iOS device, it's jailbroken so you can do many more things.

Re:Market Share (1)

AmiMoJo (196126) | about 5 months ago | (#46885033)

By that argument all computing devices should be locked down and not allowed to be general purpose. The internet should be heavily filtered and turned into a walled garden. Some people might like that, but a lot would reject it.

The thing about Chinese app stores is that they have got a lot better in the last couple of years. The reason why is rather obvious. The service provider usually provides the app store, and it is in their interest not to allow apps that rack up massive phone bills by texting premium rate numbers because often the user can't or won't pay. Legally they make themselves liable by providing the app responsible.

Places like China are going through the same phase the west went through in the late 90s/early 2000s. It's all new, people need time to get used to it, and until then they fall for all the old scams. Companies too need time to get their act together in preventing fraud. Eventually they will reach the level the west is at, where most people know not to install random crap or fall or Nigerian princess offering them a share of their millions.

Re:Market Share (1)

Merls the Sneaky (1031058) | about 5 months ago | (#46885189)

"But the problem is the checkbox is all or nothing - either you only use Google Play, or you allow everything."

Not true you can use the check box, install your third party application and the remove the check limiting installs to play store only again.

Re:Market Share (0)

Anonymous Coward | about 5 months ago | (#46884593)

When Apple gets the market share that Android has, you'll see that Apple gets as many attacks as Android does.

How come you lot will ignore the same argument between Windows and Linux
The hypocrisy you lot display sometimes just galls me

No shit (1)

Anonymous Coward | about 5 months ago | (#46884349)

Android is the only platform on which it is flexible enough to allow for any sort of mobile malware.

This speaks to restrictions of other application types have too.

But even with this taken into consideration, the amount of Android devices infected with mobile malware? Still next to none.

Article is essentially just flamebait.

Re:No shit (2)

MonkeyBoy (4760) | about 5 months ago | (#46884725)

This comment reminds me of the people on Apple Support Communities who insisted that FlashBack was not actually a thing, that it was not infecting any systems, anywhere, and it was all just a big myth created by AV companies to sell product.

Meanwhile I was spending a day each week clearing FlashBack off dozens of infected student systems because the kids were too &*(@#$ stupid to not whack the monkey or whatever stupid thing they did in order to get infected (and god help us if we didn't give them administrative privileges, you don't want to hear the caterwauling they make at the slightest hint of restrictions).

See, apparently I'm in the employ of AV companies and didn't know it. My bank account never noticed it either.

It's beyond me why any new OS isn't virus immune. (1)

GoodNewsJimDotCom (2244874) | about 5 months ago | (#46884357)

It isn't incredibly hard to make an OS that:
During a special system boot: You can only install drivers and bootable items.
During a security boot: You can only install software to its own directory, and it can't interact with other software or system files.

There, you can't get a virus. Its up to the OS designer to decide how to share things securely. There are lots of options which can be secure to do that, and isn't worth talking about securing the very system.

It is beyond me why we have modern OSes which aren't 100% virus secure during a security boot... Especially when we're talking about Aps, something people assume should be running in a sandbox mode.

Re:It's beyond me why any new OS isn't virus immun (1)

axlash (960838) | about 5 months ago | (#46884371)

It isn't incredibly hard to make an OS that...

If it was easy, we wouldn't have so many viruses.

Re:It's beyond me why any new OS isn't virus immun (1)

Anonymous Coward | about 5 months ago | (#46884507)

Android doesn't. Yes, there have been a few.

But the malware being talked about has to be installed by the user. And they are Trojan applications.

Re:It's beyond me why any new OS isn't virus immun (1)

GoodNewsJimDotCom (2244874) | about 5 months ago | (#46884891)

Its much easier to not even try at all. Remember Windows was written before the Internet was easily accessible by the public. Why do an expensive rewrite of an OS, when you can just sell your customers computers a sneeze away from getting a virus. Hey maybe even some of them are dumb enough to buy new computers and windows products when their last one gets slow.

Re:It's beyond me why any new OS isn't virus immun (1)

tomhath (637240) | about 5 months ago | (#46884457)

There, you can't get a virus

Unless it finds a way to disguise itself as a driver or bootable item and interact with other files (which is what malware does).

Re:It's beyond me why any new OS isn't virus immun (1)

MatthiasF (1853064) | about 5 months ago | (#46884505)

Or a font.

Everyone always forgets that virus can travel in fonts too.

Re:It's beyond me why any new OS isn't virus immun (1)

ArcadeMan (2766669) | about 5 months ago | (#46884659)

Even if it's not a virus it can be malware anyway.

Comic Sans, anyone?

Re:It's beyond me why any new OS isn't virus immun (3, Interesting)

greenwow (3635575) | about 5 months ago | (#46884947)

Microsoft has been caught executing code in fonts before, so what you intended to be a joke isn't one. Where I work, we think this issue: https://technet.microsoft.com/... [microsoft.com] is what shutdown our Windows servers last fall the day after we installed a font we used when generating PDF files. Fortunately, the virus writers were incompetent and crashed Windows, or we probably would have never found the exploit. All of the servers handled credit card transactions and one did ACH transactions so the problem could have put my employer out of business.

Wow, a Microsoft fanboi... (0)

Anonymous Coward | about 5 months ago | (#46885321)

with moderator points!

The Microsoft TTF backdoor was pretty hard to cleanup. Our FAX server got it. The .NET library we were using that converted .doc files to .tiff files was the problem. It deleted ~/AppData/Local/Temp to try to cover its tracks which broke several other things.

Re:It's beyond me why any new OS isn't virus immun (1)

Noah Haders (3621429) | about 5 months ago | (#46884575)

what about regular boots that aren't special system boots or security boots. and what about privelage escalation where a virus gets access to do a special system boot?

Re:It's beyond me why any new OS isn't virus immun (1)

GoodNewsJimDotCom (2244874) | about 5 months ago | (#46884863)

All boots are security boots unless the user is changing start up programers or changing viruses. In System boot, the user knows that is his only place he can get a virus.

Re:It's beyond me why any new OS isn't virus immun (1)

VortexCortex (1117377) | about 5 months ago | (#46885145)

During a special system boot: You can only install drivers and bootable items.
During a security boot: You can only install software to its own directory, and it can't interact with other software or system files.

There, you can't get a virus.

Sure, now just don't have any errors in any of your user space code, or don't allow multiple programs to share code (all static links) -- Every program will need its own image decoding software, no two programs will interact, so the camera app won't be able to pass off an image to the QR code app which passes the data to your browser or price checking, or etc. apps, etc. So long as you keep the bits of each program in 100% (virtualized) isolation from each other, and NEVER allow outside data in to exploit them then you'll be ALMOST protected against getting viruses.

One the problems I ran into when porting my OS to ARM is that ARM only gives you a single bit of execution permission level. That means monolithic kernel only, which is just stupid. Only having user-space or kernel space means no driver-space between kernel or users, and no agent-space for plugins below user space. x86 gives me 2 bits (4 execution permission ring levels), in addition to hypervisory mode, which is essentially another bit of execution ring level. So, you have either trusted or untrusted code running in the OS, but that's daft. With at least one more layer between root and code you download and run in your browser, you could actually have hardware supported sandboxing.

Fast, Cheap, Convenient, or Secure. Pick Only Two.

The monolithic kernel design isn't designed for security, it's just the quickest and dirtiest design (read: dumbest). Compare this with 16bit DOSes unified memory space where any program can fuck with any other part of memory... Any kernel module can screw with any other part of the kernel, same problem different level. Since everyone's using the dumb monolithic kernel design the (ARM, PowerPC, MIPS, etc) hardware vendors do not give us the required additional security features in hardware (see: ARM's User Mode, Supervisor Mode [, and interrupt modes, but that's not where the bulk of your OS code is]). Restricted memory access does a lot to isolate processes, but the fact is that the way we are using software and OSs is not in line with the current hardware capabilities (which are lacking in some areas, and under utilized in others, e.g., hypervisor).

Contrary to popular belief software and hardware are inexorably linked. Features in hardware (or lack thereof) can enable, promote, prevent, or suppress certain types of program constructs, primarily those to do with security. I do not JIT compile JS into machine code and execute it in user space, that would be daft, but there you are.

Re:It's beyond me why any new OS isn't virus immun (0)

Anonymous Coward | about 5 months ago | (#46885173)

I'm sorry, but are you joking, or are you just stupid?

Don't forget to run your Android Virus Scan (1)

Anonymous Coward | about 5 months ago | (#46884361)

It turns the red 'X' into a green check mark.

Colour me surprised? Not really. (0)

Anonymous Coward | about 5 months ago | (#46884409)

Windows occupies a large percentage of the market, thus most malware target that platform. According to the summary, Android occupies a large percentage of the market. Couple that with carriers that do not push any firmware updates known to close security gaps, is anyone the least surprised that mobile malware targets this platform over all the others? I'm not.

this is news? (0)

Anonymous Coward | about 5 months ago | (#46884419)

a lot of open source code, fragmented platform, vendor (carrier and/or handset manufacturer) updates slow or non-existent, google fails at policing its 'app store' allowing malware in quite easily, inexperienced 'developers' with dreams of big money release shitty code...... a perfect storm for malware to thrive in, and users are mostly unaware (captcha text)

Patting my z10 (1)

Rigel47 (2991727) | about 5 months ago | (#46884443)

Although everyone seems to rejoice at Blackberry's troubles their new Z/Q phones are not only the most secure on the market they are also a pleasure to use. I've had an android and used iPhone's before and they do not compare. The ease of multi-tasking, the Hub, and the generally reliable performance are a pleasure. With the latest BB OS they also run Android apps with ease. It's not 100% compatibility but I've gotten Google Navigate and others installed with one click.

Android is the Windows for mobile (1)

turp182 (1020263) | about 5 months ago | (#46884531)

Security flaws weren't what made Windows the prime target for attacks. It was market share. So it makes sense that Android is being targeted, it has the market share (phones and tablets).

Therefore, this should come as no surprise.

All software has security flaws (bypassing software you have hardware vectors as well).

Most any app could be malicious based upon the OS features it requests access to.

Apples iOS ecosystem seems pretty secure, a big part of that is app review/rejection.

Re:Android is the Windows for mobile (1)

Noah Haders (3621429) | about 5 months ago | (#46884651)

there's the issue of market share and the issue of inherent security design. Android is as secure as a sieve, which is why it had 97% of the malware even when it had small market share. iOS has always had very low malware, even when it was the only kid on the block. You'll note that every instance of iOS malware is so unique and rare that it makes the news and the slashdot front page, while android stuff isnt' commented in. Wasn't there a bug in 4.2 in earlier that makes the phones completely insecure, yet won't be patched on millions of phones?

Re:Android is the Windows for mobile (1)

Tough Love (215404) | about 5 months ago | (#46884685)

...it makes sense that Android is being targeted, it has the market share...

Speaking as an Android fan, that is a cop out. Better we should fully concentrate on examining the attack vectors and closing them. IMHO, the major attack vector is Google's project governance: Android is not a faux-open project, therefore gets a tiny fraction of the peer review that is possible. Next item on the list would be: a security model designed on a whiteboard in a marketing meeting. Typical megacorp engineering approach, by the way. Third thing to regard with high suspicion: Java and anything to do with it. I am sure the list goes on. At least Linux itself is pretty tight, but as long as Google gets free run with no adult supervision, anything can happen.

Not a surprise (0)

NicBenjamin (2124018) | about 5 months ago | (#46884637)

Android does not have a curated market, so it's relatively easy to get Malware out, and then when it gets detected there's no one guy who can say "everyone with this bugged app and auto-update on is safe." Now if iOS was still the dominant OS that wouldn't matter. All Malware authors would be spending all their time trying to crack that shit because there was nothing else worth cracking. It's somewhat analogous to that brief period when OS X had enough market share that people started caring about it, but also had worlds better security then those versions of Windows because it was a BSD flavor and Windows meant XP. Cracking BSD would have been fucking hard, and with all those pretty Windows boxes to infect why bother?

Since then MS has improved, so that Macs are only slightly more secure then Windows boxes, and OS X market share has improved. Now Macusers actually have to pay attention to security (FYI fellow Macusers: do NOT install MacKeeper. It is a scam. A scam that I see at least twice a month, which means some asshole keeps downloading the damn thing).

I have no idea whether iOS Malware with ever catch up with Android. It will probably depend on a bunch of factors: can Apple keep the AppStore monopoly, and stay successful at suppressing malware in said store? Does some clever googler figure out a magical way to make the freest phone OS much harder to abuse? Does Droid's market share remain so huge that bothering with non-Droid malware is a dumb business move?

Wow! (0)

Anonymous Coward | about 5 months ago | (#46884681)

It's nice to be the popular girl at the dance for a change . . . I think.

Who's saying ? (0)

obarthelemy (160321) | about 5 months ago | (#46884739)

Of note:
1- F-Secure have no "security suite" for iOS- because that's not possible, Apple disallows it-. Guess what, they find threats where they have product to sell
2- Listing a grand total of Android viruses is very biased, most people are neither rooted nor using stores outside of Google Play. That takes aways almost all the viruses..

In the end, alarmist bullcrap with no basis in reality.

Market Share /= Rewards (2, Informative)

Grizzley9 (1407005) | about 5 months ago | (#46884835)

That's great in terms of dominating the market and reaping the rewards that come with it,

Hmm, I guess you've not seen the $ that Androids competitors bring in directly and for their developers.

android is cheap shit for ghetto kids (0)

Anonymous Coward | about 5 months ago | (#46884877)

of course it's riddled with malware and other bullshit

Furthering what I've said here all along (0)

Anonymous Coward | about 5 months ago | (#46884907)

The more used ANY OS is on any given platform, the more it will be attacked. Why? Simple. Human nature. The bogus side of it. Criminals, are criminals. No matter the place, & they always act the same, using the same general modus operandi.

Take pickpockets for instance (a favorite example of mine to equate by analogy). Same as the online scammer/malware in general maker: Neither operates on "crowds of 1" really. They seek crowded spots like busy city streets, malls, tran & bus stations + other heavily packed throughfares to operate, since greater numbers generally means better "take" of loot (more potential victims). The best return on invest of their time is the crowded spots.

In this case, it's Android on smartphones, like Windows is on PC's & Servers combined. This all makes you realize the YEARS OF CRAP spewed by many here on /. of "Linux = Secure, Windows != Secure" is completely blowing up in their faces - why? Again - once Linux (yes, ANDROID IS A LINUX) got a "top spot" on a computing platform, all that "fud" crap went to where it belongs - the shiiter.

Those who spouted it initially? NOW, they have to "eat their words"... no doubt about it.

APK

P.S.=> It's the inevitable truth coming to, as per it's usual, STOMP on years of bullshit lies spewed around here... apk

Malicious Drive By Downloads (1)

jblb (2639331) | about 5 months ago | (#46885113)

I find browsing even 'legit' websites on my Android phone brings up malicious pop up ads warning my phone has a virus, and need to download. Clicking on the link would start a download for the malicious app to try and side-load it onto the phone. A recent site which tried to this was slickdeals.net, but there have been more than a few others.

Like the notorious Gartner report? (0)

Anonymous Coward | about 5 months ago | (#46885151)

Is the claim that 99% of mobile malware that targets the OS itself directed at Android, or are they also counting exploits against the pandemic of terrible apps brought on by the absence of any significant obstacle to publishing crap on the Play Store?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?