97% of mobile malware targets Android users
Majority of mobile threats in 2013 motivated by profit say F-Secure
Android apps too free and easy with access permissions
Research just published claims to show that more than 97 percent of mobile malware is aimed at Android devices and their users.
Against a backdrop of most analysts reporting Android as accounting for 65 to 70 percent of the smartphone market, this suggests cybercriminals are actively targeting the Google mobile operating system in preference to other platforms.
F-Secure, whose 40-page H2-2013 Threat Report was released this morning, acknowledges that the Android security situation is bad.
[What is also interesting is that the mobile security vendor says that Android malware jumped from 238 threats in 2012 to 804 in 2013 - with new Symbian malware barely registering and no active new threats discovered for other smartphone platforms.
Mikko Hypponen, F-Secure's chief research officer said that mobile threats are only part of a larger threats landscape that is being driven by social media usage - which may come back to haunt today's teenagers in later life.
In fact, he says in the report, it is going to be interesting to watch presidential elections in around 2040, as the teenage angst pics and posts of all candidates will be dug out from old social media and discussion forum archives for everyone to see.
Other issues such as the hot topic of government surveillance, meanwhile, is not about governments collecting the information you are sharing publicly and willingly, but is more about collecting the information you do not think you're sharing at all.
This includes information such as the online searches you carry out with search engines - as well as your mobile's location and your private emails plus text messages.
"But just because it can technically be done doesn't make it right. Our enemies keep changing. We used to fight the online hackers, then the online criminals. Nowadays we worry more and more about governmental action," he noted.
Back on the mobile track, F-Secure's H2-2013 threat report says that repackaged apps pose a security risk, since they typically ask for more permissions than the original non-trojanised programs, which is the ‘weak point' that allows the app to complete its malicious routines.
Repackaged apps, says the report, are essentially an updated take on social engineering, since they take advantage of the user's overriding desire to install and use a popular app to gain the permissions needed to execute their malicious behaviour.
The main driver behind mobile security threats, the report concludes, is not mischief, but sheer profit - with the majority of mobile threats F-Secure saw in 2013 being motivated by profit.
Commenting on the report, Rob Bamforth, a Principal Analyst with business and security research house Quocirca, said the conclusion is that the vast majority of mobile malware is affecting Android - even though the mobile operating system's market share is much less than this percentile - reflects the fact that Android is a much softer target for cybercriminals than other platforms,
"By software I mean from an operating system perspective," he said, adding that this may be due to lack of control over the Android ecosystem, as compared to the controls on apps and other issues imposed by Apple on its platform.
Basically, he told SCMagazineUK.com, the control over the Android ecosystem just isn't there.
"You don't get this problem with, for example, Apple, as the iOS platform is a closed and heavily controlled apps environment,” he said.
On the other hand, the Quocirca analyst went on to say, Android has established a reputation amongst its users as being an open an innovative mobile platform - even if there are a large number of variances when compared to other mobile operating systems
"My view is that Android is going the same way as Java. As each different version appears, it shares different elements of the software stack. This variance is unique to Android, and doesn't apply to the Windows or Apples mobile platforms, which do not share stacks," he concluded.