One of the basic landscape issues in mobility is the security of Google’s Android operating system. The reason is simple: The confusing maze of versions of the OS and the need to somewhat differently configure each for the variety of device manufacturers and networks upon which they run creates cracks and crevices through which clever, and even not so clever, crackers and malware distributors can do damage.
Google, which claims that it is reacting to the challenge, this week released its third annual Android Security Year in Review.
One of the key tools is Verify Apps, which continually patrols users’ devices for potentially harmful applications (PHAs). Google said that Verify Apps conducted 750 million daily checks in 2016 compared to 450 million the year before.
Overall, Google’s efforts have cut problems significantly, at least according to the company. The report says that Trojans are now 0.016 percent of installs, a 51.5 percent drop compared to 2015. Also dropping overall and compared to 2015: hostile downloaders (0.003 percent; 54.6 percent), backdoors (0.003 percent; 30.5 percent) and phishing apps (0.05 percent; 0.15 percent).
An example of the type of attention being paid to security was the removal of a family of potentially harmful applications, Threat Report reported last week. Chamois malware potentially manipulated ad traffic, sent premium text messages and downloaded more plugins. Researchers said that the malware featured a multistage payload and custom encrypted storage, and constantly changed its file format.
While that’s pretty clearly good news, Google is not out of the woods. Far from it. Macworld offers an Android versus Apple iOS comparison. Unsurprisingly, considering its name, the story notes that the site “sit(s) unashamedly in the iOS camp.” Still, the piece seems fair. The first section deals with security.
The main takeaway is that one demographic group in particular really likes Android: the bad guys. Pulse’s 2015 Mobile Threat Report estimates that 97 percent of mobile malware is written for Android. In 2013, the U.S. Department of Homeland Security said that only 0.7 percent of malware aimed at iOS. The reason is simple:
It's easier to break into Android, and malware writers will almost always go for the low-hanging fruit.
Not all the problems are Google’s fault. Last week, Check Point Software reported that severe infections were found on 36 Android devices sent to two companies. The problems were introduced after the devices left the factory and before they arrived at the customer premises. This suggests that Google’s supply chain is not secure.
Google is making progress in its security efforts and significant dangers exist. The two facts are not contradictory. Hopefully, the balance will continue to tilt toward progress and away from insecurity as time passes.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at firstname.lastname@example.org and via twitter at @DailyMusicBrk.