Google Inc.'s growing share of the booming smartphone market is coming with a stiff price, with the vast majority of mobile attacks targeting its open source operating system.
Mobile malware attacks grew a whopping 614% in 2012, according to Juniper Networks' third annual Mobile Threats Report. Of the more than 276,000 malicious apps counted in the study, 92% were aimed at Android users.
The fact that almost 80% of the threats could be eliminated just by using the current OS, that tells you that there's too much inefficiency in the system.
vice president of global product marketing, Juniper's security business
Many of the malicious apps are coming from third-party developers, said Michael Callahan, vice president of global product marketing for Juniper's security business. Juniper's Mobile Threat Center (MTC) conducted the report, which covered a one-year period that ended in March 2013.
"If you think about the Apple operating system, it's very controlled. They do a very, very good job screening the apps, making sure the apps are secure, quality testing the apps, and then they put them into their apps store," he said. "Google does the same thing with Google Play. They do a really good job of making sure the apps in there are secure and legitimate. But because it is an open operating system and you can add apps from wherever, you find a lot of stores popping up that provide Android-based apps."
The MTC found more than 500 third-party app stores serving up malicious mobile apps, 60% originating from either China or Russia.
"People go to these other stores because the apps are cheaper there, but then they find out that they're not downloading what they think they're downloading," Callahan said.
SMS the most vulnerable
Most of the mobile malware -- 73%-- was categorized as FakeInstallers or SMS Trojans, which exploit holes in mobile payments. Juniper said each successful attack yielded as much as $10 in profit for hackers; more worrisome to enterprise network administrators, attackers are also developing intricate botnets capable of disrupting corporate networks, the company said.
Multiple Android versions now in circulation pose another challenge, Callahan said. Despite Google's best efforts to recognize and guard against SMS threats, only 4% of Android users have the latest OS, according to Google.
"Eighty percent of the threats could be eliminated if the most current version of Android was put on the devices," he said. "So to say that another way, Google does a great job of updating their OS. When they find security threats, they do a lot of research and update the OS accordingly. The challenge is, how do you get that to the end user quickly? Because the device manufacturers have their own flavor of it, they have to take it through their own quality assurance, and that causes delays. But the fact that almost 80% of the threats could be eliminated just by using the current OS, that tells you that there's too much inefficiency in the system."
The increase in Android malware comes as Google carves a bigger share of the worldwide smartphone market. Juniper said Android devices accounted for more than 67% of smartphones shipped in 2012, according to analyst firm Canalys. As a result, cybercriminals are focusing far more of their efforts on Google's OS.
The MTC examined more than 1.85 million mobile apps to generate the report, more than double the apps it studied in the 2012 report.
Aruba study finds mobile user mistrust
Even as mobile malware attacks continue to grow, another study, this one from Aruba Networks Inc., found that employees using their own mobile devices for work worry employers might be improperly accessing their personal information.
The report found that 66% of U.S. workers fear the loss of personal data, while about half of European and 40% of Middle Eastern employees have the same concern.
At the same time, a sizable percentage of employees said their IT departments don't take any steps to ensure the security of corporate files and applications on their personal devices, which is leading employees to keep their devices away from IT departments and, according to Aruba, is jeopardizing company data.
"The research from both sides of the Atlantic shows employees and IT departments are gambling with data security," said Ben Gibson, Aruba's chief marketing officer.