NSA has cracked the iPhone, claims researcher
NSA has cracked the iPhone, claims researcher

Two new reports suggest there has been a sharp rise in malicious attacks on mobile devices, and surprisingly highlight that Apple's iOS operating system - which drives the iPhone, iPad and iPod Touch – is at least as dangerous for users as Google's Android platform.

The first report comes from Webroot which says that 15 percent of Android apps are malicious, with another 14 percent labelled as suspicious.

The second report from US-based apps risk management specialist Appthority reveals that Apple's iOS platform is worse, with more than 90 percent of the top 200 apps - 100 paid and 100 free - in Apple's App store exhibiting "risky” behaviour.

Both studies have been released to coincide with the opening of the Mobile World Congress in Barcelona on Monday. The show is arguably the largest mobile technology exhibition in Europe, with vendors showing off new hardware and software products, as well as security solutions.

Webroot's Mobile Threat Report 2014 analysed more than 5.9 million mobile apps and hundreds of thousands of infections, almost 125,000 lost device protection activations - and infection rates from millions of customers between 2011 and the end of 2013.

Grayson Milbourne, Webroot's security intelligence director, discussed the report's findings with SCMagazineUK.com and explained that it found that almost 39 percent of malware-generated text messages, and 8.9 percent of malware had started using obfuscation.

The mobile industry, he said, has reached something of a tipping point worldwide over the last few months, with the number of smartphones in active usage now exceeding the number of old-style `voice and text' mobiles.

"Our mobile research labs have been running for four years now, and we categorise apps into six classes: benign, malicious, moderate, suspicious, trustworthy and unwanted," he said, adding that just 14 percent of apps on the Android platform - which accounts for 80 percent of smartphones - were classed as trustworthy. 

Many users looking for pay apps – for free

Whilst Apple's App store and Google's Android Play app store are relatively safe, around 30-40 percent of users are actively looking to other sources on the Internet for free applications. 

The task of cyber-criminal analysis of apps has been made a lot easier by the arrival of tools that reverse engineer the app to produce the underlying code for the program. 

The solution, says Webroot's report, is that mobile users must take additional precautionary steps to protect their data in order to keep up with evolving - and opportunistic - presence of hostile programs and hackers. 

Milbourne says business users should also use corporate VPNs to defend their smartphone's connection the Internet, although he concedes that not all data flows need to be encrypted, such as routine web browsing. 

Appthority's report says that the apps you download onto your smartphone, especially on the iPhone, are sharing more personal data than most users realise.

Some 90 percent of the top 200 iPhone apps are claimed to exhibit “risky” behaviour, which is defined as location tracking, accessing contacts and/or calendar details, and sharing your data with third-parties such as advertising networks. 

Overall, the report says that iOS shares more data than Android and that free apps share more information than paid apps.

Appthority Mobile App Risk Management Service analysed the most recent top 400 apps provided by Apple and Google, and compared the findings to data from its Summer 2013 study. 

“Mobile apps bring both enormous opportunity and enormous risk to enterprises and their employees,” said Domingo Guerra, co-founder of Appthority.

“Companies know they must empower their workforce to leverage mobility while also protecting sensitive and valuable corporate data. Since BYOD quickly turned into ‘Bring Your Own Apps', it is essential for IT and security administrators to have full visibility and control over mobile apps that present potential security and privacy risks," he explained.