We are currently trialling our new-look independent.co.uk website - please send any feedback to beta@independent.co.uk


Android devices attract 79% of malware attacks; iOS gets just 0.7%

A memo from the US to security personnel warns that Android's "market share and open source architecture" make it specially vulnerable.

US authorities have warned security personnel that mobile devices powered by the Android operating system are especially vulnerable to malware and other hacks.

The internal memo reported that Android attracted 79 per cent of all malware attacks, followed by Nokia’s Symbian software with 19 per cent. Apple’s iOS software attracted just 0.7 per cent of attacks.

The memo, published by the Department of Homeland Security and the Federal Bureau of Investigation, said that this was because of the OS’s “market share and open source architecture”.

The large market share (just under 80 per cent of the global smartphone trade) appeals to hackers’ sense of efficiency: they will have to spend less time coding to attack more systems.

Another major problem for Android is the fragmentation associated with the OS: not all Android users run the most recent version of the software and without updates the software is more vulnerable to hacks.

Recent figures showed that only 33 per cent of Android users are running the most recent version of the software (Jelly Bean), a figure that compares unfavourably with Apple, where 93 per cent of users are using the latest iOS 6.

“The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date,” said the memo.

The US agencies also detailed three types of common attacks: SMS Trojans that send text messages without the user’s knowledge to premium numbers (the hacker sets up these numbers and collects the charge); rootkits that log users’ location, keystrokes and passwords; and fake URLs that pretend that they are operated by Google but that trick the user into installing malicious software.

Whilst these are not exactly different attacks (fake URLs are a method of installing malicious software rather than the software itself) they do suggest the range of vulnerabilities now present on mobile devices.