iPhone has most vulnerabilities, so why is Android the most attacked?
- By William Jackson
- Apr 19, 2013
There was a 32 percent increase in the number of documented vulnerabilities for mobile operating systems in 2012 and, not surprisingly, a 58 percent increase in mobile malware, according the most recent annual Internet Security Threat Report from Symantec.
But it isn’t the number of bugs in your OS that makes your phone vulnerable. Some vulnerabilities are more attractive than others.
“We saw a huge shift in malware aimed at the Android platform,” said Paul Wood, Symantec’s manager of cybersecurity intelligence.
Android, with only 13 vulnerabilities reported last year, leads all mobile operating systems in malware being written. Apple’s iOS, on the other hand, accounted for the lion’s share of vulnerabilities during the year but was targeted by only one family of malware.
“Today, mobile vulnerabilities have little or no correlation to mobile malware,” the report concluded.
This could be bad news for government users of mobile devices. Although Android’s penetration in agencies is not yet near the 72 percent overall market share reported by Gartner, it now has about 25 percent of the government market, edging out the iPhone’s 23 percent.
The Symantec report looks at the number of discrete “families” of malware for different platforms, rather than the number of variants within each family.
The reasons for this lopsided distribution are not surprising. “Android’s market share, the openness of the platform and the multiple distribution methods available to applications embedded with malware make it the go-to platform of malware authors,” the report said.
Apple has tightly integrated the hardware and operating system for iOS, and the Apple App Store has a tighter rein on third-party apps developed for its devices. Although malicious apps are not unheard of in the company store, Apple is able to do a better job of policing the software and blocking bad actors when they show up. Owners of iOS devices have to “jail break” them to install unauthorized apps.
Google’s Android OS is available on multiple handsets, each of which might tweak the software a little differently, making it more difficult to fix vulnerabilities or block exploits once they appear. And although Google has its own Google Play official store for apps, Android users are free to load anything on their devices they want to. And they do.
The result: Android has become a playground for mobile users and malware writers alike.
William Jackson is freelance writer and the author of the CyberEye blog.