F-Secure, a security firm, has released their Mobile Threat Report for Q4 2012 and the trend is not surprising: Android has a bullseye on its back.
Accounting for a whopping 79% of 301 new malware discovered in 2012, Android is on top of the list when it comes to mobile operating system with most malware. iOS, the challenger to Android, sits at a measly 0.7% and likely wouldn’t even be on the list at all if it weren’t for cross-platform malware like FinSpy.
Does this mean Android is less secure than iOS? After all, both are very popular yet there aren’t as many malware for iOS. Right? Wrong. The reason for more Android malware than iOS malware is two-pronged:
- Firstly, Android is roughly 5x more popular than iOS globally; 75% vs 15% global marketshare is the rough breakdown. So while iOS does have a large chunk of the market, malware producers like to get the best “bang for their buck” and attacking the more popular platform is the obvious choice. Indeed, if you look at F-Secure’s report you will see Android accounted for only 11.25% of mobile malware in 2010 because it wasn’t as popular back then.
- Secondly, Android isn’t less secure per se but rather less locked down than iOS. Although there have been instances of malware apps found on Google Play Store, the biggest source of malware on Android is unofficial third-party app stores and pirated apps. You see whereas Apple locks down iOS and only allows people to install apps from Apple App Store (unless you jailbreak), Google does not restrict Android users to Play Store only. There is a feature in Android which you can enable (it is disabled by default, typically) that allows you to sideload (aka install) apps that aren’t from Play Store, which is why it is so easy to pirate apps on Android and there are so many unofficial third-party app stores.
Because Android has a larger user base and it is easier to install non-Play Store apps on Android than on iOS, Android is an easier target for malware distributors. And if I know anything about hackers, it is that the vast majority are lazy in the sense that if a target is too hard to breach, they simply move onto the next one. In this case, Android has a softer underbelly than iOS.
Now, some may say: “Doesn’t that make iOS better?” It depends; it depends on your needs and wants. If you like the iPhone and the iPad and don’t mind only having access to apps Apple deems appropriate (which, frankly speaking, most people don’t have an issue with), then iOS is the better platform for you. However, if you prefer having a choice in what device to get (e.g. screen size, specifications, price, etc.) and don’t want to be shackled to one official app store, then Android is the clear winner. Just be sure to only download from trusted sources.
Also, as a parting note, it is important to put “mobile malware” into perspective. 301 new malware was discovered by F-Secure in 2012. Just 301. There are thousands of new malware discovered every year targeting desktop computers, notably Windows. While 301 new malware shouldn’t be written off as insignificant, it isn’t much cause for concern either. However, if mobile malware continues to grow at the pace it has for the past couple years, then there will be cause for concern very soon.