79 Percent of Mobile Malware Targets Android
An overwhelming 79 percent of all mobile malware threats target devices running Google's Android operating system, according to a joint unclassified memo from the U.S. Department of Homeland Security and Department of Justice.
"Android is the world's most widely used mobile operating system and continues to be a primary target for malware due to its market share and open source architecture," notes the July 23 memo[PDF], which was obtained and published online by the website Public Intelligence.
In comparison, just 0.7 percent of mobile malware is designed to take advantage of Apple's iOS, according to the document, which cites data from 2012. Another 19 percent targets Nokia's aging Symbian platform while 0.3 percent affects Windows Mobile and BlackBerry, and the remaining 0.7 percent takes advantage of other mobile operating systems.
A major part of the problem on Android is that so many users are running old versions riddled with security vulnerabilities. The memo cites industry stats finding that 44 percent of Android users were running Android Gingerbread (version 2.3.3 through 2.3.7), which was released in 2011 and contains a number of flaws that were patched in more recent versions.
The problem isn't quite that extreme anymore, as some users have updated to newer versions since those numbers were released. Even so, as of Google's most recent stats, Gingerbread was running on 33.1 percent of Android devices while the even older Android Froyo, Eclair, and Donut versions together accounted for 3.8 percent.
"The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date," the memo states.
Nearly half of the malicious apps circulating today on older Android OS devices are SMS text message trojans, which send messages to premium-rate numbers without the user's consent, resulting in "exorbitant charges." Other known security threats facing mobile devices include rootkits, which silently log a user's location, keystrokes, and passwords, and fake Google Play domains, which are set up by crybercriminals to trick users into installing malware.
"Android is the world's most widely used mobile operating system and continues to be a primary target for malware due to its market share and open source architecture," notes the July 23 memo[PDF], which was obtained and published online by the website Public Intelligence.
In comparison, just 0.7 percent of mobile malware is designed to take advantage of Apple's iOS, according to the document, which cites data from 2012. Another 19 percent targets Nokia's aging Symbian platform while 0.3 percent affects Windows Mobile and BlackBerry, and the remaining 0.7 percent takes advantage of other mobile operating systems.
A major part of the problem on Android is that so many users are running old versions riddled with security vulnerabilities. The memo cites industry stats finding that 44 percent of Android users were running Android Gingerbread (version 2.3.3 through 2.3.7), which was released in 2011 and contains a number of flaws that were patched in more recent versions.
Google's Android 4.3: What's New?
The problem isn't quite that extreme anymore, as some users have updated to newer versions since those numbers were released. Even so, as of Google's most recent stats, Gingerbread was running on 33.1 percent of Android devices while the even older Android Froyo, Eclair, and Donut versions together accounted for 3.8 percent.
"The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date," the memo states.
Nearly half of the malicious apps circulating today on older Android OS devices are SMS text message trojans, which send messages to premium-rate numbers without the user's consent, resulting in "exorbitant charges." Other known security threats facing mobile devices include rootkits, which silently log a user's location, keystrokes, and passwords, and fake Google Play domains, which are set up by crybercriminals to trick users into installing malware.