It seems like every couple of months there is some report released that trumpets the impending doom of anyone using a mobile device. And more often than not these studies emphasize that there are thousands of pieces of malware out there masquerading as Android applications. Many of us have lost track of the number of Apple customers who have sneered at the open nature of the Play Store and have proudly declared that it is riddled with viruses. These individuals usually follow these comments up with a clumsy swipe towards open-source operating systems as a whole, generally revealing at this point that they don’t understand what “open-source” actually means.
Although this imaginary Apple evangelist may be ill-informed and is probably just paraphrasing something they read on Cult of Mac, they do have a point. The Play Store does have an occasional piece of malware that slips through the cracks and infects devices around the world. And of course most of the statistics surrounding malicious Android applications include a vast number of apps that can be side-loaded directly from various websites.
A report recently released by SourceFire brought some interesting statistics to light regarding exploits in mobile operating systems. Keep in mind that since the App Store is completely closed, it doesn’t generally contain malicious applications. But those who wish to compromise mobile devices are not deterred by Apple’s attempts at securing iOS.
As you can see although iOS only holds a 25% global market share, it accounts for 81% of all vulnerabilities discovered in mobile devices. This is somewhat disturbing for many reasons. First of all, the vast majority of Apple’s devices are running the most current version of iOS at any given time. Of course with Android devices it all depends on what device you are running and on what carrier. This means that there are still plenty of people out there running Gingerbread, especially those who bought low-end devices in the past. But despite this fact Apple seems unable or unwilling to secure it’s operating system.
This news is especially relevant as we see the fight for the enterprise market starting to heat up in the mobile space. Distributing an app that masquerades as something useful but actually seeks out personal information and uploads it to a server somewhere is a numbers game. If enough people download it, you should eventually get someone who has credit card information or their SS number saved on their device. But an exploit can be used to compromise a specific device. This means that individuals and/or companies can be targeted for the valuable information that their devices have access to. It will be interesting to see if this news affects the heated battle that is being waged for massive corporate contracts between mobile device manufacturers.
For those of us who use Android we only need to use common sense to avoid having our phones infected by software intended to do us harm. Only download apps from sources that you can trust. It is that simple. But there are over 1700 known exploits in iOS at this very moment. So for Apple customers, it appears your best defense might prayer and positive thinking.