Why do hackers focus so much on Android? It’s simple, really

15 Feb 2017

Android phones. Image: George Dolgikh/Shutterstock

Android is the most dominant mobile OS on Earth, home to millions of users and malicious programmes. Why?

Would you like to update your device now? Be reminded later? Ignore? The key to beating the growing wave of mobile hackers is perhaps as simple as answering ‘yes’ to the former.

That’s according to a new cybersecurity report from F-Secure, which highlights the growing divide between Android and iOS attacks.

It seems that, despite what many thought was a supply and demand issue, Android is by far the most appealing, accessible and, essentially, antiquated arena for cyber-criminals to flourish in.

According to F-Secure’s State of Cyber Security 2017, 99pc of all malware programs aimed at mobile targets are designed for Android devices.

The majority of these are “classic trojans”, according to Olaf Pursche, head of communications at AV-Test. This could be changing, however, with Pursche now seeing viruses, worms, malicious scripts, backdoors, and special trojans such as ransomware targeting mobile devices now, too.

The reason, it appears, could be down to system upgrades. According to the report, iOS upgrades are far superior to Android, not in levels of protection, but in simple adoption.

Data provided in the report shows iOS 10.2 was adopted by more than half of the iOS user base in just one month, largely replacing iOS 10.1, which, prior to the new release, enjoyed around 70pc of its own market.

On the other hand, Android 7 (Nougat) made little impact on the market, even after four months. Between August and December (the first four months of its release), Nougat had a 1pc uptake rate.

It’s actually such a dreadfully slow process that in December, Android 6 (Marshmallow) was growing faster than Nougat.

Android 4 and 5 actually dominate Android’s market share, still comfortably above the 50pc mark. The fact that these phones were likely to have been bought pre-2015, some as far back as 2011, makes for a happy hunting ground for attackers.

“A big part of cybersecurity is being prepared,” wrote Mikko Hyppönen and Tomi Tuominen, chief research officer and practice leader respectively at F-Secure, in the report’s foreword.

Noting the armoury enjoyed by cyber defences at the touch of a button – such as firewalls, endpoint protection, password managers, security training and general investment – the duo point out that more is needed.

“What defenders need more of, however, are solutions for when plans fail,” they said.

“Plans fail because what defenders keep ignoring is that there are people behind every cyber threat. Those people are 100pc focused on getting around prevention mechanisms to hit their targets. And one of them will always find a way through.”

Android phones. Image: George Dolgikh/Shutterstock

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com