F-Secure published the 2nd of its 2013 bi-annual threat report, which now has a special portion reserved for mobile devices. Smartphones, Tablets, pocket devices, and more represent an astounding amount of today’s internet connected devices, making them a high profile target for would-be-digital-assailants. Trojan based attacks accounted for 75 percent of mobile attacks.
The Finnish security company notes some interesting factoids in its report, some of which were quite striking, to say the least. 97 percent of malware that was identified, targeted Android specifically. While this figure seems wildly high, you have to take into account the staggering market-share Android holds today. Roughly 80 percent of the global market is running some form of Android, which includea more than the smartphones as we commonly see today. Android is a diverse beast, and runs on devices across a wide spectrum. So, what exactly was the most interesting footnote in the report? How about the headline-worthy “F-Secure did not identify any malware targeting iOS, Windows Phone, or BlackBerry devices last year.” In 2nd place landed Symbian, and in third, J2ME.
Maintaining good security practices is of high value. Downloading foreign 3rd party applications from various web portals for even common applications may seem like no matter, but it is a serious risk. This is given you know how to enable the function in your Android phone’s settings page. Download and install applications only from the official Google play store is one such practice to minimize such a risk. Additionally, minding which links you click on in emails, attachments, and so forth are a common tactic by evil-doers, but can inflict just as much pain as a rogue app. Alternative app stores are an appealing option for some users, but it goes without saying you still must remain cautious of where and what you are doing.
All Google Play Store apps go through a multiple-stage review process, weeding out most of the malicious troublemakers, something many 3rd party app stores may not have the resources to do, or even choose to in the first place. Google has been making large efforts to increase the security of the Android platform. Android 4.3 saw the addition of a prompt to verify activity when the messaging app sends out a large amount of text in a short period of time. Kit Kat (4.4) added multiple security enhancements as well, although taking out AppOps was a bit of an odd move to some. AppOps would allow you to fine tune and control what a specific application is sharing and sending out to the outside world on your behalf, as well as what it is accessing on your device.
Contained in the report, are some noteworthy statistics to review. F-Secure shows that a large chunk, 75 percent of the malware sample set, is from Saudi Arabia and India, with the United States trailing in third. Of this set, apps downloaded from the Google Play Store amounted to only 0.1 percent (132,738 total) of the total malware catch. For third-party app stores, the top four were noted as Malicious (Anzhi, Mumayi, Baidu and eoeMarket, all Chinese focused). Amazon’s app store was not noted among that top 10 percent list, nor was F-Droid, the popular FOSS alterntive to the Google Play Store.
You can review the full PDF for more details, including non-mobile threats. I highly suggest peering through the whole thing.
Source: Android Authority