iPhone has most vulnerabilities but Android is the most attacked

iPhone has most vulnerabilities, so why is Android the most attacked?

There was a 32 percent increase in the number of documented vulnerabilities for mobile operating systems in 2012 and, not surprisingly, a 58 percent increase in mobile malware, according the most recent annual Internet Security Threat Report from Symantec.

But it isn’t the number of bugs in your OS that makes your phone vulnerable. Some vulnerabilities are more attractive than others.

“We saw a huge shift in malware aimed at the Android platform,” said Paul Wood, Symantec’s manager of cybersecurity intelligence.

Android, with only 13 vulnerabilities reported last year, leads all mobile operating systems in malware being written. Apple’s iOS, on the other hand, accounted for the lion’s share of vulnerabilities during the year but was targeted by only one family of malware.

“Today, mobile vulnerabilities have little or no correlation to mobile malware,” the report concluded.

This could be bad news for government users of mobile devices. Although Android’s penetration in agencies is not yet near the 72 percent overall market share reported by Gartner, it now has about 25 percent of the government market, edging out the iPhone’s 23 percent.

The Symantec report looks at the number of discrete “families” of malware for different platforms, rather than the number of variants within each family.

The reasons for this lopsided distribution are not surprising. “Android’s market share, the openness of the platform and the multiple distribution methods available to applications embedded with malware make it the go-to platform of malware authors,” the report said.

Apple has tightly integrated the hardware and operating system for iOS, and the Apple App Store has a tighter rein on third-party apps developed for its devices. Although malicious apps are not unheard of in the company store, Apple is able to do a better job of policing the software and blocking bad actors when they show up. Owners of iOS devices have to “jail break” them to install unauthorized apps.

Google’s Android OS is available on multiple handsets, each of which might tweak the software a little differently, making it more difficult to fix vulnerabilities or block exploits once they appear. And although Google has its own Google Play official store for apps, Android users are free to load anything on their devices they want to. And they do.

The result: Android has become a playground for mobile users and malware writers alike.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Mon, Apr 29, 2013

Has anyone considered it is Apple paying someone off to hack into Androids just to upset the competition. Competition is rough out there and as much as we want to think that it is all clean, it is not. The same programmers that develop the apps sometimes are the same programmers that install the malware, why because someone else is paying them too. But I guess that just makes to much sense, I mean common sense. Why not try investigating each other and see what you come up with.

Mon, Apr 22, 2013

Phones running Android 4.2 and later that have Google Play installed have the option of using Google as an application verifier. If the app is harmful, Google will warn you not to install it, or it may block the installation completely. For more details of the on how users are protected, see http://googlemobile.blogspot.com/2012/02/android-and-security.html The Georgia Institute of Technology conducted a recent detailed cyber security report (as opposed to a company releasing a report that is trying to sell yousoftware). Their conclusion, “Largely, it appears that the mechanisms in place appear to be working,” said Patrick Traynor, Assistant Professor with Georgia Tech’s School of Computer Science. “Even though malware does get into the market, people don’t seem to be downloading those apps.” Full report here. http://gtsecuritysummit.com/pdf/2013ThreatsReport.pdf

Mon, Apr 22, 2013 Caprica

So I disagree a bit with the statement: "Android users are free to load anything on their devices they want to". While it is true that you can go outside of the Play store to download and install items there is still a need to "root" devices in order to force certain applications on an Android device. Try getting your 70 year old grand mother to do that. I think the statement should have read "Android users are able to download and install programs outside of the forced monitored and policed Apple store. I mean...Play store".. Sorry, all sarcasim aside these short and shallow articles really get me fired up. There's no depth here. Who's the target market here in this article anyway? A mid level manager without a clue?

Mon, Apr 22, 2013 Rocwurst Australia

Vulnerabilities that are rapidly patched are not the problem - malicious exploits are the problem and Android is the malicious exploit and malware capital of the world. There are 500 million active iOS devices versus 750 million Android devices around the world and yet it is Android that had 65,227 different pieces of malware infecting 32.8 million Android phones in 2012 while zero (non-jailbroken) iOS devices were maliciously infected according to NQ Mobile.

Sat, Apr 20, 2013 ViewRoyal

"Why is Android is the most attacked?" Because hackers like a challenge rather than doing something that is easy. They would rather spend many hours breaking into Android (which gets much less Internet usage, and much less advertising revenues, and much less app sales. Why would they ever want to break into iOS which is much easier, and has a greater Internet usage and higher advertising and sales dollars involved? If you haven't figured it out, I was being facetious! In reality (remember what reality is?), according to McAfee, in 2012 Android had 36,699 forms of malware attacking it... iOS has ZERO!!! According to the "logic" of this article, malware writers are spending all of their time writing malware for Android (which is "hard" to break into, and less profit motive), while not bothering AT ALL breaking into iOS (which is "easy" to break into, and is much more profitable). Yup, that makes total sense... if you live in Bizarro World ;-)

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above