Thanks to its inherent "openness," the open source Android OS is vulnerable to a variety of security risks, but how often do people you know actually fall victim to Android malware or other attacks?
Is the Android security risk overstated? Is the Android risk really greater than the risks posed by its iOS and Windows Mobile counterparts? And what can users, and the enterprise IT departments that support them, do to better protect their Android devices?
We put these questions, and more, to a variety of mobile security experts from companies including Cisco, Dell and Lookout. Here's what they had to say:
Android security threat is real
Android malware that affected U.S. users increased by 75 percent from 2013 to 2014, according to security firm Lookout's "2014 Mobile Threat Report."
"That's a significant jump, predominantly driven by an increase in ransomware, a nasty form of malware that locks a person's device and demands money in exchange for reinstated access," says Michael Bentley, Lookout's senior manager of security research and response.
Android devices were the targets of 97 percent of all mobile malware in 2014, according to Pulse Secure's "2015 Mobile Threat Report." And the Android security risk level "increased substantially year-over-year," says Troy Vennon, director of Pulse Secure's Mobile Threat Center. In 2012, there were 238 specific Android malware threat "families," and that number jumped to 804 in 2013 and 1,268 in 2014, according to Vennon.
At least 15 million mobile devices were infected with malware in September 2014, according to a report from Alcatel-Lucent's Kindsight Security Labs. Of those devices, 60 percent were Android smartphones and about 40 percent were Windows PCs that connected to the Web via mobile networks. Windows Mobile, iOS, BlackBerry and Symbian devices represented less than 1 percent of mobile malware infestations.
Symantec's 2015 "Internet Security Threat Report" says 17 percent of all Android apps (nearly a million) are malware in disguise. In comparison, Symantec uncovered approximately 700,000 Android malware apps in 2013.
Android more vulnerable than iOS, Windows Mobile
Android is more vulnerable than iOS because of its OS fragmentation, according to Geoff Sanders, cofounder and CEO of LaunchKey.
"Even when Google releases a security patch, it's ultimately up to the [device] manufacturer to provide this patch to end users," Sanders says. "This puts many more users at risk as their devices age."
The overall risk level for Android is also higher because it's the most popular mobile OS, according to Bojan Simic, CTO of HYPR Corp.
Apple deploys iOS only on its own devices, so the company has "far better control and knowledge of risk," Simic says. Apple's app verification system is also significantly more rigorous than Google's process in the Play store, and it results in less malware, according to Simic.