We recently stumbled upon a great article over at Sophos, one of the leading providers of software security services, explaining the security differences between Apple and Android devices. Even though this article shows both sides, there’s a clear winner when it comes to mobile device security for law firms.
Google’s Android platform has become a larger target for mobile malware writers than Apple iOS. This could be a result of Android’s popularity—with more than 1 million activations per day, Android smartphones command a 59% market share worldwide. However, the relative vulnerability of Android vs. iOS comes down to the level of control the vendors have over products and the marketplace for development and distribution of apps.
Mobile malware writers know the best way to infect as many devices as possible is to attack central application markets. The cyber-criminals plant applications that include hidden (obfuscated) malicious functionality in an attempt to evade the detection built into the vendor’s application vetting process (e.g., Google Bouncer).
In 2011 alone, Google removed more than 100 malicious applications from its app store. Google discovered 50 applications infected by a single piece of malware known as DroidDream, which had the capability to compromise personal data. However, Google hasn’t always acted in a timely manner to prevent infections. Users downloaded one harmful app more than 260,000 times before the company removed it from the app market. So creating a mobile security policy that requires end users to protect personal mobile devices within the enterprise is key to keeping your organization’s data safe.
Apple and iOS
Apple’s walled garden App Store—where applications are fully vetted before being made available to customers—has prevented widespread malware infection of iOS users. As a centralized point of distribution, the App Store provides users with confidence that the apps they download have been tested and validated by Apple.
Evidence of malware showing up in the App Store is anecdotal at best, as Apple does not typically volunteer such information. However, it’s safe to assume that since Apple does not make APIs available to developers, the iOS operating system has fewer vulnerabilities. Still, iOS isn’t 100% invulnerable, and every now and then questionable apps have slipped through the Apple vetting process.
Google and Android
Like Apple, Google provides a centralized market for mobile applications called Google Play. However, that is offset by Android’s ability to install apps from third-party sources. Some are well-known and reputable, such as Amazon. Others are not, and originate from malware hotspots in Russia and China. The criminal developers deconstruct and decompile popular apps like Angry Birds, then publish malicious versions and make them available for free.
One alternative market for these “cracked” or “cloned” applications is Blackmart, and the apps cracked for that market are known as PJApps. Tools used to crack legitimate applications allow the mobile malware writers to repackage popular applications and add their own functionality. Repackaged apps will typically include some potentially unwanted pieces, such as advertising frameworks or malicious capabilities.
Another family of Android-specific malware reported to Sophos is known as DroidSheep, a tool used by hackers to listen to network traffic and gain access to online accounts of popular websites. Attackers running DroidSheep can impersonate victims’ accounts and gain access to sites not using a secure connection. DroidSheep allows the attacker to sniff wireless network traffic and steal authentication tokens, which the attacker can then use to impersonate someone else. Popular sites such as Yahoo, Google, and Facebook support HTTPS connections, which a tool like DroidSheep cannot infiltrate.
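A defender's check for the weakness DroidSheep relies on, as an added example that is not from the Sophos article or this post: it flags session cookies that are set over plain HTTP or lack the Secure attribute, and so can cross a shared wireless network unencrypted. The hosts, cookie names, and the name heuristic are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample data: (URL that answered, its Set-Cookie header values).
# Hosts and cookie names are hypothetical.
SAMPLE_RESPONSES = [
    ("http://forum.example.test/login", ["sessionid=abc123; Path=/; HttpOnly"]),
    ("https://mail.example.test/login", ["SID=def456; Path=/; Secure; HttpOnly"]),
    ("https://shop.example.test/login", ["auth_token=ghi789; Path=/",
                                         "theme=dark; Path=/"]),
]

# Assumption: substrings that suggest a cookie carries an authentication token.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def looks_like_session(name):
    """Heuristic: does the cookie name look like a session or auth token?"""
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_HINTS)


def audit(responses):
    """Return (url, cookie, reason) for each token a passive sniffer could read."""
    findings = []
    for url, set_cookie_headers in responses:
        over_https = url.lower().startswith("https://")
        for header in set_cookie_headers:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                if not looks_like_session(name):
                    continue
                if not over_https:
                    # The token is sent in clear text on every request.
                    findings.append((url, name, "set over plain HTTP"))
                elif not morsel["secure"]:
                    # Without Secure, the browser also sends the cookie on any
                    # later http:// request to the same host.
                    findings.append((url, name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for url, name, reason in audit(SAMPLE_RESPONSES):
        print(f"{url}: cookie '{name}' {reason}")
```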
The most prolific family of Android malware is known as Boxer. In April 2012, when the popular photo sharing application Instagram was released on the Android platform, mobile malware writers immediately took notice. The malware creators copied the contents of the Instagram site and created a fake, malicious counterpart complete with rogue applications. Once installed, the app sends SMS messages to premium-rate services, concentrated mostly in Eastern European countries like Russia, Ukraine and Kazakhstan. In the process, cybercriminals earn a fast and tidy commission at the expense of users.
Mobile malware by the numbers
The number of threats, especially on the Android platform, continues to increase. In 2011, SophosLabs observed 81 times more Android malware than in 2010, an 8,000% leap. In 2012, SophosLabs has already seen 41 times more malware than in all of 2011, a growth rate of nearly 4,100%.