More security worries and vulnerabilities for Android users revealed in new research
An estimate from Duo Security reveals that over half of Android devices worldwide are unpatched and could be taken advantage of by a malicious app.
Duo Security drew the numbers from one of its products, X-Ray, an app which performs “vulnerability assessment” – in other words, a security product which checks for known yet unpatched vulnerabilities in the platform.
The results come from analysing more than 20,000 Android devices worldwide, with Duo releasing X-Ray publicly earlier this year.
“It’s a scary number, but it exemplifies how important expedient patching is to mobile security and how poorly the industry has performed thus far,” said Jon Oberheide in a blog post.
“We feel this is actually a fairly conservative estimate based on our preliminary results, the current set of vulnerabilities detected by X-Ray, and the current distribution of Android versions globally,” Oberheide continues.
This aligns with recent research from security firm Sophos, which reported a huge increase in new malicious Android apps.
According to the unique samples from SophosLabs, malicious apps have multiplied 41 times in number, with three months of the year still to go.
“Make sure that apps you intend to install are installed by many users and that their reputation is good,” Vanja Svajcer said in a Sophos blog post.
Sound advice, and a message which is echoed in Google Play’s terms and conditions with regard to ‘impersonation or deceptive behaviour’:
“Don’t represent that your app is authorised by or produced by another company or organisation if that is not the case. Developers must not divert users or provide links to any other site that mimics or passes itself off as another application or service.”
Svajcer added: “As malicious apps become more complex, we will inevitably see more complex malware which will be able to hide for a longer time period, allowing it to infect a larger number of devices.”
Android security is, of course, a major bugbear. An Android malware scam got Connect Ltd a £50,000 fine from the UK service regulator PhonepayPlus.
But is the lack of patching, combined with huge amounts of malware, a worry for you?