updated 06:33 pm EDT, Wed June 26, 2013
Juniper Networks study claims 92 percent of all mobile threats Android based
Confirming an earlier study by a different firm, a new report has found that 92 percent of mobile attacks are aimed at Android, with the number of attacks generated per year on a steady increase. The Juniper Networks study calls the 614 percent increase in attacks since March 2012 "staggering," with three out of five coming out of China or Russia.
Trends noted in the study (PDF) are the prevalence and ease of attack on the Android OS, with attackers having "made strides to shorten the supply chain and find more agile methods to distribute their wares into the wild around the globe" according to the report. Almost three quarters of the attacks are SMS trojans, using mobile payment exploits to generate funds quickly from the attacked which show up as many as four weeks later on the owners' cell phone bill.
Also noted as aiding in the Android attacks is the Android OS's fragmentation, with the "vast majority" of devices ineligible to receive the latest in security patches by Google. The study found that many free apps were leaking corporate data, including location tracking, to developers as well.
The report is based on analysis of more than 1.85 million mobile applications and associated vulnerabilities, an increase of more than 133 percent. The total amount of malware sampled grew to 276,259 apps. Of growing concern are third-party alternatives to official marketplaces, allowing "side loading" of applications on Android that may not have been reviewed by Google or any other gatekeepers. While unofficial stores exist for "unauthorized" apps on iOS, they are far fewer in number and better policed by the community, at least so far.
The study parallels one from May by F-secure that found that 92 percent of mobile malware was on Android, with the rest going to the outdated Symbian. Issues cited were primarily the same, with the endemic approaching the relative level of compromised Windows systems.