Windows Mobile users are safer due to the rule of "security by obscurity," Simic says. "Most hackers will direct their efforts where the biggest payoff is, and right now that target is Android due to its sheer amount of users.
Documented high-profile Android attacks
During the past year or so, a number of high-profile Android-based attacks and vulnerabilities made headlines.
Operation Emmental, which targeted 34 European banks, is probably the highest profile attack that used Android malware as a key component, according to Simic.
"The sophisticated attack was used to bypass two-factor security implementations that banks had deployed to protect their users," Simic says. "Throughout the attacks, it is estimated that about $1 billion was stolen."
The WebView bug in Android 4.3 (and older versions) was also widely reported, according to Gleb Sviripa, an Android developer at KeepSolid, and it left around 930 million Android devices vulnerable to potential attacks. WebView let "apps display Web pages without launching a separate app, and the bug could open up affected phones to malicious hackers," Sviripa says.
Google launched security patches for Android 4.4 and above but said it wouldn't develop patches for earlier OS builds. Instead, it encouraged the development community to step in. Google's head Android security engineer said the decision was due to "the complexity of applying patches to older branches of WebKit," according to ZDNet.
AndroidLocker, another very real threat, is "a new malware variant discovered last year by Dell, which mirrored the functionalities of ransomware," says Swarup Selvaraman, senior product manager at Dell SonicWALL. "The malware would lock down mobile devices, claiming to be the FBI, and demand users pay a 'fine' within a certain time to unlock their devices and avoid criminal charges.
In 2014, Dell also discovered an Android Trojan that targeted South Korean banks, Selvaraman says. "When users would download the malware, it would appear in their app drawer as 'googl app stoy,'" Selvaraman says. "If opened, it would show an error message, shut down, and seemingly uninstall itself. However, it was secretly still running in the background, specifically monitoring South Korean financial apps."
Android security threat is real but 'overblown'
The mobile security threat exists, but it is "overblown," according to new research from Damballa. For its spring 2015 report, the company monitored about 50 percent of U.S. mobile traffic (including but not limited to Android). Damballa concluded that mobile users are 1.3 times more likely to be struck by lightning than to have their mobile devices compromised by malware.
"This research shows that mobile malware in the Unites States is very much like Ebola — harmful, but greatly over exaggerated, and contained to a limited percentage of the population that is engaging in behavior that puts them at risk for infection," said Charles Lever, a Damballa senior scientific researcher, in a press release on the company's website.
Sign up for CIO Asia eNewsletters.