Android beating iOS in one, crucial, category: susceptibility to cyber hacks

27 Feb 2015

A year-long piece of research from cybersecurity expert FireEye has found that 96pc of mobile malware targets Android devices.

FireEye established the findings after looking at the seven million apps (each with over 50,000 downloads) across both Android and iOS last year.

Financial data theft seems to be the key threat, with a 500pc rise in instances on Android over the year previous. A key example given is KorBanker, an app targeted at South Korean banking apps last year.

It was disguised as a standard Google Play Store app, but it tricked phones into giving previously restricted permissions. It basically replicated the login screen of true banking apps, stole login details and made hay with the information.

Apple Burst’ing Android’s bubble

Interestingly Burstly, a subsidiary of Apple, is highlighted as a real area of concern for Android devices.

Integrating third-party ad networks into both iOS and Android app platforms, Burstly collects user information over time to create a fuller picture on how to target ads directly.

JavaScript-Binding-Over-HTTP (JBOH) is a vulnerability of primary concern, with its utilisation common when loading web content onto an Android app. This is bad news, claims FireEye.

“When an Android app invokes the method and loads the content from a web browser in WebView over HTTP, it opens the door for attackers to execute code remotely.”

What’s troubling is 31pc the apps tested showed distinct vulnerabilities to this process, with 18pc at risk of compromising truly sensitive data such as financial, medical, health, shopping, communications and productivity data.

Significant threat vector

“Today, mobile apps represent a significant threat vector for enterprises,” said Manish Gupta, senior vice president of products at FireEye.

“Worse, most enterprises have little or no information on mobile security risks nor any way to deal with an advanced attack on a mobile device. Our findings highlight the threat apps pose and why enterprises must implement a mobile security policy that focuses on applications.”

Despite iOS being squeaky clean in comparison, there are risks on Apple devices that seem to concern FireEye.

EnPublic Apps standout, with their ability to bypass the App Store’s strict review process a concern. But largely it’s a one horse race, with Android the sickly, bruised leader.

Happy Android image via Shutterstock

FireEye is a Silicon Republic Featured Employer, comprised of top tech companies that are hiring now

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com