DHS Report: Android Responsible for 79% of 2012 Mobile Malware

When the mobile wars started last decade, the two major players, Apple and Google, took two very different approaches. Apple chose to adopt a “closed system” approach for its iOS platform, strictly controlling exactly which apps could be distributed and what hardware features those apps could access. Google took the opposite route, opting for a far more open ecosystem where users with enough technical savvy can do just about anything they want with their Android devices.

Although many iOS critics cite the lack of choice that Apple’s customers have in certain areas, the Cupertino company’s approach does result in a far more unified user base with far fewer security risks (although some notably still exist), while security flaws and malware are a common occurrence for Android. According to a new report (PDF) from the US Department of Homeland Security, however, the situation is far more dire for Android than most assume.

According to the report’s findings, dated July 23, 2013, 79 percent of mobile malware threats targeted Android in 2012, compared to just 0.7 percent for iOS devices. A major factor noted by the report for the disparity is not just Android’s open nature, but its highly fragmented user base, with a significant number of Android users running long out-of-date versions of the operating system:

Android is the world’s most widely used mobile operating system and continues to be a primary target for malware attacks due to its market share and open source architecture. Industry reporting indicates 44 percent of Android users are still using versions 2.3.3 through 2.3.7 — known as Gingerbread — which were released in 2011 and have a number of security vulnerabilities that were fixed in later versions.

The report identifies three primary classes of malware affecting Android devices: SMS (text messaging) trojans, rootkits, and fake Google Play domains. SMS trojans trick users into installing apps that then automatically send text messages from the users’ phones to premium text services which charge a fee for each message sent, costing the victim hundreds or thousands of dollars while enriching the criminals who own the premium numbers and distribute the trojans. Rootkits are malware that hide in the very core of an operating system and can often evade detection while they gather user data and perform other nefarious functions. Fake Google Play domains trick users into believing they are visiting the authentic Google Play store operated by Google, and use the misbegotten trust to entice users to download malicious apps and viruses.

All of the aforementioned issues can be avoided with a combination of Android security software, anti-malware utilities, and safe browsing practices, along with making sure to keep up to date with the latest Android OS releases. With the increasing number of government employees using mobile devices at work, the report hopes to encourage employees and government IT managers to increase their vigilance when it comes to mobile malware, for the sake and safety of the entire nation.

Other platforms also suffer from mobile malware at various rates. The report identifies Nokia’s Symbian OS as suffering from 19 percent of attacks in 2012, followed by Windows Mobile and BlackBerry at 0.3 percent each, and “Other” at 0.7 percent.