Being the most widely used mobile operating system on the planet, Android can be found on a large variety of devices and services, and offers hundreds of thousands of customized apps to enhance the functionality of your device. Unfortunately, Android also accounts for a whopping 79% of mobile malware cases reported by the US government. Even more unsettling, nearly half of all Android users were found to be significantly exposed to malware because they are still running outdated operating systems that are known to be particularly vulnerable to cyber attacks.
When malware creators devise a new scheme, they set out to infect as many users as possible, using any number of tactics. So it makes sense that they would target the Android operating system (OS), as the number of phones running the OS is higher than for any other smartphone OS. Why, then, does Apple’s operating system (iOS) account for only 0.7% of malware cases when it holds a 13.2% market share (as can be seen in the government report)?
The answer is twofold. The first and most critical reason has to do with Android’s internal architecture. When Google created the Android operating system, they made a decision to make it “open source,” meaning anyone has permission to create, modify and distribute software built on the Android platform. Any Average Joe programmer or app builder with an idea and enough know-how can create his own app and sell it to Android users. This is a malware creator’s dream come true, offering easier access to a larger pool of victims, and it stands in direct contrast to Apple’s stringent guidelines for hardware and software development.
Second, a significant number of Android users were found to be running a much older operating system that leaves their mobile devices wide open to malware. According to the report released by the FBI and Department of Homeland Security, 44% of Android users are still operating on versions 2.3.3 through 2.3.7 – an operating system known as “Gingerbread” which was released in 2011. The Gingerbread versions are widely known to leave users open to a number of vulnerabilities that were repaired in later versions of the OS. Some of the specific security vulnerabilities that were detailed in the report include:
- Text Message Trojans: According to the federal government, text Trojans represent nearly half of all malicious apps found on outdated Android operating systems. These Trojans commandeer your device, sending out text messages to premium rate numbers owned by criminal hackers – resulting in potentially exorbitant charges for the device owner.
- Rootkits: A form of malware that hides its existence from normal forms of detection, a rootkit logs your phone’s location, keystrokes, and passwords, all without your knowledge, and can result in compromised personal and financial information.
- Fake Google Play Domains: In a more unusual cause for concern, the federal report brought to light a security threat in which cyber criminals dupe users into downloading malicious apps from a fake Google Play store. These apps can also download important personal and financial user data and can spell disaster for your mobile device.
Now, part of the issue can be linked back to the phone manufacturers, not necessarily user error. Google provides the update first to the handset manufacturer, who then decides which handset models they wish to make the update available on. Not all models come with the update in these cases. Don’t let all of this dissuade you from purchasing an Android device, though. There are certain precautions you can take, where available through your phone manufacturer, to avoid falling victim to any of these documented threats.
- Update your Android OS. In order to update your operating system, visit the “Settings” application on your mobile device. Exact wording may vary, but find the option similar to “About Phone.” Within this dialogue, click on “Software Update” to install the latest OS.
- Install OS updates as they’re released. Try to update your OS as soon as new updates are made available through your mobile device manufacturer. Your device likely displays a notification when security and software updates are released. Those updates are usually issued to fix bugs or vulnerabilities that hackers have discovered and are exploiting already. Take your phone’s advice and update your OS immediately when prompted.
- Beware of malicious apps. Because of its open-source nature, anyone with the know-how can download the software development kit to write and create apps for Android phones. Google doesn’t screen developers or apps, which means unrated (or poorly rated) apps should be a red flag.
- Double check that you’re in the official Google Play store. An easy way to do this is to always browse through the designated Google Play app on your Android device. If you enter the Google Play store by clicking on a link somewhere, double check that the URL is correct: play.google.com.
- Protect your device with comprehensive security. Even if you follow the above precautions, you might want to consider investing in a complete mobile security solution. Android devices are the targets of some sophisticated and creative attacks. To truly ensure that your personal and financial information stays safe, protect yourself with McAfee® Mobile Security, which will protect your Android smartphone or tablet from risky apps, mobile malware and other threats.
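The URL check from the “official Google Play store” step above, written out as an added example (not part of the original article): it parses a link and compares the real hostname against play.google.com instead of looking for that text anywhere in the link. The function names and all sample links are constructed for illustration.

```javascript
// Added example, not from the original article. Only the hostname
// play.google.com comes from the page; every sample link is constructed.
const OFFICIAL_PLAY_HOST = "play.google.com";

// Weak check: a substring match accepts any link that merely mentions the name.
function naiveCheck(link) {
  return link.includes(OFFICIAL_PLAY_HOST);
}

// Stricter check: parse the link and compare the real hostname exactly.
function classifyPlayLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { official: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { official: false, reason: "scheme is " + url.protocol };
  }
  if (url.username || url.password) {
    return { official: false, reason: "text before @ is not the host; host is " + url.hostname };
  }
  if (url.port !== "") {
    return { official: false, reason: "non-default port " + url.port };
  }
  // The parser lowercases the host and converts non-ASCII labels to punycode (xn--).
  const host = url.hostname.replace(/\.$/, "");
  if (host !== OFFICIAL_PLAY_HOST) {
    return { official: false, reason: "host is " + host };
  }
  return { official: true, reason: "exact host match over https" };
}

const SAMPLE_LINKS = [
  "https://PLAY.GOOGLE.COM/store/apps/details?id=com.example.app",
  "http://play.google.com/store/apps",
  "https://play.google.com.apps-store.example/store/apps",
  "https://play.google.com@apps-store.example/store/apps",
  "https://pl\u0430y.google.com/store/apps", // Cyrillic "а" in place of Latin "a"
];

for (const link of SAMPLE_LINKS) {
  const verdict = classifyPlayLink(link);
  console.log(naiveCheck(link) ? "naive: pass" : "naive: fail", "|", verdict.official, "|", verdict.reason);
}
```

The substring check passes the second, third and fourth links even though none of them is an HTTPS connection to the official host; only the first link passes the strict check.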
Keep your sensitive data safe on your Android mobile device by staying on top of software updates. And stay up-to-date on the latest mobile security threats by following us on Twitter @McAfeeConsumer and liking us on Facebook.