Advertisement

Android is Still King of Mobile Malware

Probably not part of Samsungs advertising budget of several billion dollars last year, is the fact that their devices are the greet purveyors of mobile malware. According to a report by security company, NQ Mobile, as reported by FiercemobileContent, 95% of all mobile attacks are aimed at Android OS devices, of which Samsung is the largest licensee.

Two thirds of all malware is classified as potentially unwanted programs such as spyware, pervasive adware, Trojans as surveillance hacks and root exploits. Another quarter of malware is designed to profit from personal details stored or entered into the device and only 7% renders the users device useless. 

Attack vectors are App Repackaging where the hacker inserts malicious code into legitimate apps for sale or distributed in various app markets. Smishing has a user click on a link which triggers the download of the malicious code or sends them to a rogue website. A third vector is the spoofing of a site to look like a bank or credit card site that extracts usercon personal details for later abuse.

By comparison, Apple devices such as iPad and iPhones are not vulnerable to these attacks or vectors. That’s because of the ‘sandbox’ approach to app operations, the non-anonymous development or modification of apps and the screening of apps which Apple uses to assure quality products are available in the store. Sandbox means that any developer can write code to affect their data, but not by any other app, or sensitive system function outside the sandbox. To present your app to the App Store, or to edit your app in the App Store, you have to have the app product digitally signed. That assures that there is a virtually zero probability that anyone else could have tampered with your app (there’s a HASH function that snaps a view of the app and can be used to determine if anything changes), and that anyone else besides you could have submitted that app. And, the review process for apps makes sure nobody is successful at introducing nasty software disguised as something else.

Thee three features of iOS takes all the fun out of writing malware: bad guys need to pretend to be someone else or something else and need to operate anonymously. Take those issues away, and they’ll Have to give up the bad guy business or play with the other OS, which they obviously have done.