updated 10:30 pm EST, Tue January 21, 2014
Apple's Phil Schiller tweets link to report without additional comment
Apple's SVP of Worldwide Marketing, Phil Schiller, tweeted on Tuesday a link to Cisco's 2014 Annual Security Report without further comment. The study, which looked at both the chances of mobile users "encountering" malware or social-engineering attacks as well as the nature of mobile-specific malware, found that Android users were both the most likely to encounter malware, and that 99 percent of device-targeted malware is aimed at Android.
Security issues have plagued Android from the beginning, but given that portions of it are open-sourced and/or Java-based and heavily modified by carriers and other parties, attackers can much more easily discover vulnerabilities to attack than with some other mobile operating systems. Though mobile-specific malware is far less common than Windows malware -- just 1.2 percent of all malware on all platforms -- it is unusual that 99 percent of the targeted malware is aimed specifically at Android -- suggesting the platform still has serious vulnerabilities that are easy to exploit, and that no progress on combatting the threats has been made. The problem is also growing as smartphones and other mobile devices supplant computers for most tasks.
This isn't the first time Schiller has pointed out the difference between iOS and Android on the security front: he also tweeted a link to last year's Cisco report when it came out, which had similar conclusions. Another study by F-Secure in March of last year said that Android had about 79 percent of all malware attacks directed at it. This year's Cisco study said that another fast-fading but still-active Java-based platform, J2ME, accounted for most of the non-Android targeted malware.
The Cisco study also widened its scope to analyze trends when non-targeted attacks such as "likejacking," deceptive SMS subscription texts and other "social engineering" attacks are considered. Unlike platform-specific malware, users on other OSes are not immune to such attacks, which attempt to trick users into revealing personal information for identity theft and financial crime-based endeavors.
Android still came out the worse for wear, at 71 percent, but saw attacks on other platforms such as iOS (14 percent for iPhone, 10 percent for iPad), BlackBerry and Nokia (at about seven percent). Most other platforms other than the formerly-prominent feature-phone platform Symbian had insignificant risk (less than five percent) for malware "encounters" that included non-specific "social engineering" attacks.