Warwick Ashford reports for Computer Weekly, “More than 90% of Android devices are running out-dated versions of the mobile operating systems, according to cloud-based access security provider Duo Security.”
“The finding – based on an analysis of the security firm’s installed base of more than one million mobile devices – paints a worrying picture of the state of mobile device security in the enterprise,” Ashford reports. “Analysis shows that 32% of Android devices in use in enterprises today are running version 4.0 or older of the operating system, leaving them highly susceptible to vulnerabilities such as Stagefright.”
“The Stagefright vulnerability allows an attacker to compromise an Android device via a multi-media (MMS) message such as a video or photo, potentially allowing an attacker access from the device to corporate networks,” Ashford reports. “‘Users need educating, but organizations need to put in place systems that not only educate users, but can also encourage them and make it easy for them to upgrade to the latest versions of software,’ Henry Seddon, head of European operations at Duo Security, told Computer Weekly. “Failure to do this, he said, means systems will always tend to be out of date, which will open up organisations to malware and other forms of attack.”
Read more in the full article here.
MacDailyNews Take: Users need educating, but organizations need to put in place systems that not only educate users, but can also encourage them and make it easy for them to use real iPhones and iPads.
Dangerous new zero-day flaw affects more than two-thirds of all Android devices – January 20, 2016
Android malware steals one-time passcodes, a crucial defense for online banking – January 14, 2016
New Android malware is so bad, you’d better off buying a new phone – November 6, 2015
Apple issues iPhone manifesto; blasts Android’s lack of updates, lack of privacy, rampant malware – August 10, 2015
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013
[Thanks to MacDailyNews Reader “Dan K.” for the heads up.]
But Google sleeps with the NSA
Well, technically, 100% of Android devices are running an insecure OS, even when they’re up to date 😉
Yep. Better headline:
“100% of Android users are running Android.”
The article also claims that 80% of iOS are running outdated versions that are insecure. Hmmm that’s not right. I think the article needs correcting. Isn’t it more like 80% of iOS are running the latest?
It is right. The article states “that only 20% of iPhones run the latest Apple operating system version iOS 9.2.” It does not mean that the 76% (as shown in the pie chart) are at version 9.2. I believe the reason behind this is the amount of free space on the phone. I think more people have the 16GB version of the phone and cannot update because of this. But then again, I could be wrong.
There is nothing to stop a person upgrading 16GB iPhones to 9.2.1.
I never said there was.
My wife is still on 8 something. She has a 16GB version. We had twins in August (our first children), so her phone has a lot of pictures on it. She doesn’t want to take the time to uninstall apps and backup/delete pics to make room to install iOS 9. Having 2 babies alone takes a lot of time. I know she’d rather hit install and go to sleep and have it updated by morning. Even if she updated using our MacBook Pro, she still might have to remove some things. Again, taking up time that we don’t have at the moment.
That’s just her reason why she can’t update. There are a lot of things on her priority list than to update her phone. I’m sure others could have different reasons.
My phone is up to date. I feel that up to date is best. I also like to have only what I use or need on my phone.
You comment sounded like there was a technical reason. With iCloud, etc, why do you have all those photos on your phone?
Would low amount of free space be considered “technical?”
Even with backing up using iCloud, etc., the pictures are still on your device until you remove them. If you upload them, you have to find the app you synced them to and then go find the pictures. Using cloud services can be slow at times. Also, some people hate the idea of “the cloud.” Personally, I think it’s amazing and will be improved over time.
It takes a while to get rid of the pictures you don’t want on your phone. Deleting all of them prevents my wife from showing off pictures of the twins. It’s like having a photo album in your pocket.
I use iCloud. I have 12000 photos and as long as I have an internet connection, I can view my photos. I agree having a few locally on the phone is great, but really, how many times has she shown off those photos in any significant numbers?
I don’t consider lots of photos to be ‘technical’ no more than I would consider a full hard disk a technical issue.
I’m running 9.2.1 on a 16GB iP5. So is my wife. So probably are the rest of the family.
While true, let’s be 100% up front about all this.
Alphabet (nee Google) allows certain organizations to modify the OS to make it ultra secure. Apple does not. The issue is that Alphabet does not put any of those security improvements into the public Android OS. (Why? It would cost them a lot to do so!) And, less than 0.001% of Android uses can get access to those ultra secure versions.
With Apple’s iOS what the general public gets is what you get. Sure, it’s more secure than *any* Android OS out in the public (even the latest version of Android OS with all the security patches), but want to make it ultra secure, e.g., add true two factor security? Nope. Can’t legally modify iOS to support it. (Before someone jumps in and says iOS already has two factor security note that even Apple properly refers to it as “two step security”. It’s not the same as true “two factor security”.)
For the vast majority of users Apple’s way is most definitely better. I just wish Apple actively supported ultra secure forks of iOS.
What would an ultra-secure version of iOS look like? The NSA is already pissed because Apple won’t give them a backdoor. How much more secure do you want it?
Well, for one, your iPhone is constantly sending back data to Apple, to iCloud, and to Siri. Not only is the user unaware of exactly what is sent and when, not all of that information is encrypted.
Maybe something like the Android based Blackphone from Silent Circle?
One ‘fun’ security feature is the PIN randomizer. Basically randomly reorders the numbers on the lock keypad so someone viewing you entering it from a distance will have difficulty figuring out the actual PIN. 😛
What I want to know, is how many of these android devices can never be upgraded out of the box? They’re DOA from the beginning.
Lots of guys I see have Samsung (telcos push them) but don’t care about security. As long as the screen isn’t broken, they don’t care (seen a number of cracked curved screens.)
No banking, no purchase functions, what to worry?
That’s a good, valid argument for the technophobe. I love tech, and yet thought my first iPhone would be just a phone and iPod music player combined. Security wouldn’t have mattered one bit!
Turns out I was terribly wrong! I use it for *everything* now. Sometimes I start something on my iPhone before I jump on to a “real” computer (with a physical keyboard) just to be able to type lengthier replies (like this – I never MDN on my phone), but I bank, shop, browse – everything – on my phone.
Even my mom uses hers for “Googling” (sorry – I can change my habits – go DDG! – but she’s an “old dog”) and mapping directions.
Anyone who really believes that they don’t need that security is selling themselves (and their phone usage) terribly short. I guess that’s a good thing if you rely on Android to protect you. Real users should really be on iPhones.
At least they are keeping the Porn, Malware, Adware people happy and rich. lol
As someone else said, Android phones *cannot* be upgraded unless another firmware/system like Cionigen Mod is put on it. And I’m pretty sure that voids the warrantee. So nope, Android fetishists will be stuck with old versions, until they upgrade to an iPhone, where Apple at least tries to keep them up-to-date.
Sent from my iPhone
I see lots of hand waving but no detail explaining what the huge risks are. Does anyone actually believe that this year’s OS is dramatically more secure than last year’s? Let’s not count abritrary OS version and instead identify the number of vulnerabiliities that have been closed.
So what percentage of Apple users are using an “out-dated and insecure operating system”??? Your graph doesn’t tell the answer, MDN. At least 24% of iOS users are using an “out-dated” version. But how many people are using the current 9.2.1???? Despite Apple’s annoying pop-ups, the smart people amongst us don’t blindly install every single update the second Apple drops it. For one thing, updates can and do break software occasionally. And let’s not forget that no company is perfect — 9.2.1 dropped only a few weeks after 9.2, to close a vulnerability that has been known for years. Its just an endless stream of SLOW security updates from Apple these days.
Android: Disease Vector?