Android smartphones and tablets dominate the mobile device market. In the smartphone category, Android commands 52 percent of market share compared to Apple, which has 41 percent. In the tablet market, the difference is even greater, with Android at 61.9 percent and Apple at a distant 36 percent. Android devices tend to have better price points than iOS devices, and Android applications have a faster time-to-market than applications designed for Apple’s tightly controlled App Store.
The downside of popularity is that Android has become a target for cyber attackers. Cyber attackers like efficiency; they want to cause as much damage as possible with a single attack. According to a February 2014 article in Silicon Republic, attacks by Android malware have increased by 600 percent over the past year. In many countries around the world, attacks on Android devices have become more common than attacks on PCs. Several cyber security companies have developed strong Android security products for smartphones and tablets. However, as Android expands beyond the smartphone and tablet markets into wearable tech and medical devices, these companies expect attacks against Android devices to become more common than ever.
Android Wear and M2M
Google recently released a developer preview of Android Wear, its soon-to-be-released development platform for smartwatches and other wearable tech devices. According to Google, Android Wear APIs will allow existing Android apps to start accepting voice replies, stack with related notifications and add new pages. The company’s vision for Android Wear smartwatches includes notifications from social networking and news apps, location-related notices from shopping apps and available chats from messaging apps. The ubiquitous “OK, Google” command that has become synonymous with Google Glass would also initiate smartwatch actions like calling a cab, sending an SMS, setting an alarm or reserving a restaurant table.
Smartwatches aren’t the only way that Google is working to expand Android’s reach. The company is also pushing for medical device manufacturers to choose Android as their operating system. By switching to a smartphone platform, medical devices would be optimized for touchscreen operation, interoperability and best of all, mobility. The Android operating system that powers many of today’s health and fitness apps could also monitor vital signs or check blood glucose and then transmit that information to a patient’s medical team. The iOS ecosystem led the way for mobile devices and apps. However, Android has a lower barrier to entry for developers, and it’s easier for them to get Android apps into the Google Play store.
The Bad News About Popularity
Unfortunately, as more devices incorporate Android, more attackers are targeting Android devices. Microsoft endured the same problem when its Windows operating systems dominated the PC market. Mac computers faced fewer malware threats because many more people used Windows. Attackers targeted the PC operating system that most of the world used, and they appear to be doing the same to the world’s most popular mobile operating system.
According to Google, more than a million new Android devices are activated around the world every day. The Google Play store boasts Android app downloads of 1.5 billion per month. Unfortunately, security experts estimate that about 42,000 apps in the Google Play store contain malware or spyware. Last year, Google eliminated less than 25 percent of malicious Google Play apps.
Even worse, not every Android app comes from Google Play, and apps from outside the Google ecosystem are more likely to contain malware. For example, Sophos Labs recently discovered an Android Trojan from a non-Google Play app that could divert SMS messages. Users that set up two-factor authentication (2FA) on their bank accounts and other accounts often have 2FA codes delivered to their phones via SMS. An attacker that could grab the code might be able to break into a person’s bank account.
How to Protect an Android Device
Many scammers sell fake antivirus apps into the Google Play store. For instance, the Virus Shield app, a Google Play top seller, never scanned Android phones for viruses. In fact, it did nothing more than switch its screen image from a red “x” to a check mark after claiming to conduct a scan. The lesson: Always choose an Android security product from a trusted security provider. Trust those same providers when security solutions for Android Wear and M2M enter the marketplace.
Android devices image by Jeremy Keith from Flickr Creative Commons
Smartwatch and smartphone image by Karlas Dambrans from Flickr Creative Commons