In a recent report on Mobile Threat Intelligence research from Skycure revealed that 71% of Android users on five major US carriers are 2 months behind on their security patches, leaving their devices vulnerable to malware and Android app security flaws. The report was based on mobile threat trends in 2016 and looked at network, malware and app/operating systems vulnerabilities.
A common argument that comes up whenever Android vs. iOS security is mentioned is that iOS regularly gets security updates for due to Apple being the sole manufacturer of iPhones. Android, on the other hand, has to deal with fragmentation through manufacturer’s and carriers. The report shows how this creates more problems for mobile carriers and OEMs of Android devices to deliver security patches to their users.
- Discovering the vulnerability
- Notifying to developer
- Developing a successful patch
- Making every carrier-specific patch available
- Distributing the patch
- Installing the patch
Whereas approximately 27% of Android devices run security patches that are one month old or less, the aforementioned process leaves majority of Android users susceptible to known vulnerabilities and Android app security problems. This report also confirms 2016 Year in Review by Google which stated that approximately half of Android devices at the end of 2016 had not installed a security update in the entire year. The report focuses on the U.S whereas Google draws global statistics in its reports.
The report also shows a shift in popular malware types. It was found that there was a significant increase in incidents related to malware such as Hidden Apps, Adware and Trojans, whereas Potentially Unwanted which was the most common malware in the start of 2016, finished in the 4th place by the end of the year.
Codified Security is here to help make your mobile app secure whether it’s for iOS, Android app security testing, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.