Confirming what many commercial security companies already claim, a security bulletin from the Department of Homeland Security and the Federal Bureau of Investigation, published on the Public Intelligence website, identifies the Android OS as the most attacked mobile operating system. Nearly 80% of all malware threats targeting mobile devices in 2012 were focused on Google’s platform. The distant second place (19%) was held by Nokia’s Symbian OS, most commonly found on older feature phones. At the other end of the spectrum was Apple’s iOS, which, despite running on some of the most popular mobile devices on the planet, was targeted less than 1% of the time in 2012.
What this means for you:
The malware focus on Android is not unexpected: the platform is fractured across multiple versions and multiple carriers, and there are hundreds of thousands of phones running older versions of Android with well-documented security flaws that have been fixed in later versions. Unlike Apple’s relentless updating of iOS, many Android phones rely on the carrier to push OS updates, which carriers do reluctantly, if at all, especially for hardware lines that are no longer being sold or no longer considered a significant portion of the market.
Unfortunately, the carriers have also locked down the OS on many models, requiring a series of highly technical processes to “unlock” and “root” the phone to force an update to the OS. Of course, doing so voids any warranties with the carrier, and has a chance of “bricking” the phone itself if the process is done incorrectly, or if the phone is updated with an OS that has bugs or is incompatible with that specific phone model.
Here are some things you can do if you find you are using an Android phone running an older version of the OS:
- Contact your carrier to request an OS update. If they tell you one is not forthcoming immediately, or that your particular model is essentially no longer receiving updates, let them know you are concerned about security flaws in the older OS, and ask for an upgrade to a recent model phone.
- Whether or not a new Android phone is in your future, you should be extremely careful about “sideloading” apps. Only install apps from Google’s Play store, and be very careful following app install links from anyone. Instead, get the name of the app you want to install, go to the Google Play app already installed on your phone, search and install from there. If you can’t find the app, it’s likely the link was to a sideloading site (and potentially unsafe), or a disguised attempt to get you to install malware on your device.
- Install a malware protection app. Several reputable companies make apps for Android. I’ve been using SecureAnywhere from Webroot for several months now, without issue, and I will soon be testing Kaspersky’s app. Look for a name you recognize, and give their app a try. Some of them might slow your phone down on occasion as they scan for issues, but the temporary inconvenience may save you from serious heartache later on.