Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Experts bust Android security myths

James A. Martin | May 21, 2015
Thanks to its inherent "openness," the open source Android OS is vulnerable to a variety of security risks, but how often do people you know actually fall victim to Android malware or other attacks?

Mark Hammond, senior manager for Cisco Security Solutions, agrees the Android threat has been greatly exaggerated. "The threat of Android malware is also directly associated with the source. If the average user is sticking with a well-regulated app store, like Google Play, then the risk of malware diminishes significantly."

The mobile malware threat is "really minimal," according to John Gunn, vice president of VASCO Data Security. While many people have some sort of malware on their computers, "few know anyone who has had malware on their mobile device," he says.

Verizon's 2015 "Data Breach Investigations Report" also concluded that "mobile threats are overblown," and "the overall number of exploited security vulnerabilities across all mobile platforms is negligible."

The risk of malware making its way into a native Android app is lower than ever thanks to Google's automated scanning and other new security improvements, according to Terry May, an Android developer with Detroit Labs. Google "reinforced the Android sandbox with SELinux and enhancements to the Google Play services library that can scan for vulnerabilities on the local device and not just the apps in the store," May says. "This means that even apps that have been side-loaded can be scanned."

Less than 1 percent of Android devices had a potentially harmful app (PHA) installed in 2014, and the number of PHAs on Android devices dropped by 50 percent between the first and fourth quarters of last year, according to a Google Online Security Blog post published by Android security lead engineer Adrian Ludwig in April 2015. Less than 0.15 percent of devices that only installed apps from Google Play had a PHA installed last year, Ludwig wrote. 

The bottom line is that malware attacks "are increasing because users are spending more time on mobile devices than ever before, the value of the data on mobile keeps increasing, and a single OS (Android) dominates the market, increasing the footprint for attackers," says Domingo Guerra, president and cofounder of Appthority

However, mobile malware isn't necessarily more prevalent. "Although the number of mobile malware apps is definitely booming, so is the number of good and benign apps," Guerra says


Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.