It’s a simple fact that malware is a bigger risk on Android than other mobile platforms. It’s all to do with a basic truth of computing: any system is a balance between flexibility/openness and security. As a user, you need to understand why Android is a bigger target on mobile to understand why you should take extra steps to protect yourself.
The Numbers Don’t Lie
It’s one thing to have a general sense that Android is more targeted by malware than iOS or mobile versions of Windows. It’s another to see the raw numbers. Nokia’s Threat Intelligence Report 2019 notes that 47.15% of all malware infections involve Android devices. And that’s 47.15% of all malware, including that affecting desktop and laptop computers and devices such as smart sensors. In fact more than 50 times as many malware infections affect Android as affect iOS.
Androids Strengths Are Also Weaknesses
The main selling point of Android is that it’s an open, flexible system that gives more choices for developers, manufacturers and users. It’s a setup that’s made Android hugely successful. The problem is that openness and flexibility also brings security drawbacks. These are some of the reasons malware creators find Android so appealing:
Perhaps the longest running debate in desktop security is whether Macs are inherently safer than Windows PCs, or if cybercriminals simply go after the bigger Windows audience. The reality is likely a mix of both, and it’s much the same situation with mobile devices.
IDC reported that in the third quarter of 2018, Android ran on 86.8 percent of all smartphones, making it the obvious target for any malware creator wanting to maximize their “audience” of victims.
Apple’s iOS takes full advantage of sandboxing, a design that effectively “walls off” each application and carefully restricts its access to other software and resources on the device. Android is a much more open and flexible system. While that gives developers more scope and freedom to create apps, it does increase the potential damage that a rogue app could do.
The Google Play Store review process is not as rigorous as that of Apple’s iTunes Store. That means a wider range of choice for consumers and an easier route to market for developers, but also a greater opportunity for malware creators to get past the gatekeepers.
While iOS has a complete lockdown on apps from outside Apple’s own store, Android devices can install and run software from any source with just a single setting change by the user. It brings complete freedom for developers and users, but also means it really is “buyer beware” when installing an app.
Apple’s security updates are a mandatory install. Android users can choose whether or not to apply the latest patch, while when they actually get the update can depend on both their device manufacturer and carrier. This greatly increases the chance of a phone being vulnerable to a newly discovered security flaw.
Apple maintains near complete control over what handsets are available and which operating system and app versions they can run. Android runs on an almost limitless range of diverse handsets with all manner of combinations of app and system edition. That approach creates far more opportunities for compatibility glitches that open up security holes. To make things even more complicated, the combination of security protection and user verification varies significantly between different makes and models of device.
Three Golden Rules To Use Android Safely
Security is only one factor in choosing a mobile operating system alongside price, device availability, choice, flexibility and control. But while you may have good reason to prefer Android, it does mean you must pay a little extra attention to security on your device. Some key points include:
— Always make sure your device has the latest security patches installed. Check with the device manufacturer if you’re not sure how to be certain of this with your model.
— Never download apps from sources other than Google Play. Unless you’re a cybersecurity expert yourself, it’s simply not worth the risk. Never switch on the “Install Unknown Apps” setting.
— Always pay attention to the permissions an app requests. Only switch on a permission that makes sense for the app’s stated purpose and where you trust the developers. If an app is asking for more permissions than seems necessary, uninstall it.