From Heartbleed to an uptick in cyberthreats across a wide range of industries, security is on everyone’s mind. While most reports have focused on enterprise and general network threats, F-Secure has released a study devoted solely to the vulnerability of mobile apps. The findings are especially important to solutions providers who work in environments with, or considering BYOD policies. It is also worth noting that Android devices showed threat rates that were so much more significant than other platforms, that any solutions provider involved with these devices should pay special attention to this report.
Report Sample And Method
The report centers on information from Q1 of 2014 and features information from sites including the Google Play store, third-party app stores, developer forums, and user submissions, among other sources. Hundreds of thousands of mobile apps were included in the study.
Threats were identified by analyzing each app for malicious code. If any such code was found, it was grouped into families based on patterns identified in the code and behavior.
The sampling identified 275 new threat families on Android alone. iPhone and Symbian recorded one new threat each.
The most common type of malware found were trojans, whose behavior can be broken down into the following eight categories.
It is important to note that in comparison to PC threats, mobile threats are still miniscule. At the same time, F-secure found that its Mobile Security (for Android) solution was sending a steady stream of malware reports to their cloud-based telemetry systems.
Threat Key Findings
“These developments give us signs to the direction of malware authors,” said Mikko Hyppönen, chief research officer at F-Secure. “We’ll very likely see more of these in the coming months. For example, mobile phones are getting more powerful, making it possible for cybercriminals to profit by using them to mine for cryptocurrencies.”
The report makes several recommendations around keeping devices as secure as possible. These include locking devices, using anti-theft protection solutions (alarms, remote wiping, etc.), message barring (especially for Android devices not currently running Jellybean), monitoring of app permission requests, scanning of all downloaded apps with a mobile antivirus service and, of course, only using trusted services.