Android malware headlines: Less of the 79%, more of the 44%

Posted on August 28, 2013 - 15:18 by ccondon

You’ve probably seen the Android malware headlines saturating security news recently. We certainly have. If you’ve managed to escape them, here’s a quick summary: The U.S. Department of Homeland Security and the FBI issued an internal bulletin last month on “threats to mobile devices using the Android operating system.” The bulletin contained a chart illustrating findings that 79% of mobile malware targets Android—a number that the media (tech and otherwise) quickly picked up and used as a centerpiece for the headline frenzy that followed.

That number, however, is meaningless without context.

Malware authors go where the money is. They target the most popular platforms not because they’re the least “secure,” but because a bigger user base gives them a higher chance of success and, therefore, wider profit margins. Android is simply the most popular mobile OS, just as WordPress is the most popular content management system and Windows has long been the dominant operating system for PCs. This is as basic as it gets, though you wouldn’t necessarily know it from the news coverage.

Worth noting:

  • The 79% figure corresponds exactly with Android’s 2Q13 market share. The original text of the DHS-FBI bulletin states flat out that the threat to Android-based devices is largely due to Android’s market share and open source architecture.
  • The bulletin warns explicitly that 44% of Android users are running outdated versions of the OS that contain “security vulnerabilities that were fixed in later versions.”
  • The bulletin neither recommends against using Android-based devices nor dwells on the percentage of threats targeting Android, though it does emphasize the importance of updating software—a point with which StopBadware agrees wholeheartedly, irrespective of software or device type.

For our part, we find the 44% figure much more noteworthy and alarming than the percentage of mobile malware designed for Android. So our advice to Android users, whether they’re government employees or not, is this: Update. That goes for all users, mobile and otherwise. Security software is also a great idea for any device, as is general awareness that cybercriminals want your data and your money however they can get them. No headlines there—though perhaps there should be.