Android 'accounts for 79% of phone malware'!
karl
August 28th, 2013, 09:24 AM
Some 79% of malicious attacks on mobiles in 2012 occurred on devices running Google's Android operating system, US authorities have said.
Public information website Public Intelligence published the Department of Homeland Security and the Federal Bureau of Investigation memo to US police and emergency medical personnel.
Nokia's Symbian system, on the Finnish company's basic-feature handsets, had had the second-most malware attacks.
Apple's iOS had had 0.7% of attacks.
Android is the world's most popular mobile operating system, and the memo blamed its high share of attacks on its "market share and open-source architecture".
Text trojans - fake messages that trick users into clicking on premium-rate numbers - accounted for half of the Android attacks.
Full story here: http://www.bbc.co.uk/news/technology-23863495
Magus
August 28th, 2013, 09:47 AM
"open-source architecture"
Jesus, it's what makes Linux slightly stronger than the others.
Pacaveli
August 29th, 2013, 12:50 AM
Obviously, Apple might have the "upper hand" because of the operating system. But where it lacks is: creativity, widgets, folders, auto-correct, ETC. Android wins by a mile.
TheMatrix
August 29th, 2013, 08:33 AM
The problem with Android is that while it may be open source, almost all of the software available is anything but. Meaning, it's no better than Windows.
Perhaps if you downloaded Android from the official project sources and installed it yourself, you might be safer. The problem almost always lies in the vendor implementations, which usually bloat it with shovelware that you either can't remove or even see, not unlike the Windows computers you can buy at your local home electronics store. If they have security holes (like shovelware can) you are automatically open to threats.
Also, most devices from the wireless companies come preloaded with malware, and it's called "CarrierIQ". It is basically a keylogger and surveillance device: every keystroke and action is sent to somewhere, and it's really hard to detect. If you want to remove it, you must root your device and remove it yourself or with one of those tools. The makers of CarrierIQ argue that it is not they who impose it, but rather the carriers themselves who abuse it. Which side is right is open for speculation, as it is highly unlikely a confession will come from either side.
wizzz
August 31st, 2013, 05:23 PM
Well, the reason why there is Android malware is because the operating system is open source and anyone can develop for it. Also you can sideload apps, which can lead to various infections.
Android 4.3 has updated security mechanisms like SELinux though.
Cygnus
August 31st, 2013, 09:04 PM
Android's open ended software might make it more exposed depending on the software versions and stuff like that.
TheMatrix
September 1st, 2013, 03:24 AM
Well, the reason why there is Android malware is because the operating system is open source and anyone can develop for it.
Yes, but distribution is a bit harder. I think the same applies for Windows Phone, but distribution there too is limited to the respective "app store". I don't know about iOS, but I think it might be the same as well.
Also you can sideload apps, which can lead to various infections.
Android 4.3 has updated security mechanisms like SELinux though.
Not sure what you mean with "sideload" -- do you mean "bundle"?
And SELinux, Apparmor, or whatever you decide to put on there won't stop irresponsible behaviour, or compromised certificates, as we learned in the news recently.
Laquifa
September 2nd, 2013, 10:54 PM
This honestly doesn't surprise me at all. I half expected it to be a bit more susceptible to viruses because of how open it is.
Obviously, Apple might have the "upper hand" because of the operating system. But where it lacks is: creativity, widgets, folders, auto-correct, ETC. Android wins by a mile.
We do have folders and autocorrect. While it might not be top notch, I can fix it myself since I pay attention when I text.
Its Pretty
September 2nd, 2013, 11:12 PM
I wonder if 79% of phones have Android....
wizzz
September 7th, 2013, 08:41 AM
Yes, but distribution is a bit harder. I think the same applies for Windows Phone, but distribution there too is limited to the respective "app store". I don't know about iOS, but I think it might be the same as well.
Not sure what you mean with "sideload" -- do you mean "bundle"?
And SELinux, Apparmor, or whatever you decide to put on there won't stop irresponsible behaviour, or compromised certificates, as we learned in the news recently.
By sideloading I mean installing apps from sources other than the Google Play store, by simply editing an option in the settings. Most malware spreads from outside of Google Play. Now it's even easier to get infected outside Google Play because of the Androrat packer, which allows a user to pack an app with another app, so both apps get installed.
And SELinux, Apparmor, or whatever you decide to put on there won't stop irresponsible behaviour, or compromised certificates, as we learned in the news recently.
SELinux is a part of the kernel in the newer Android version, and does protect against exploits to gain access to system files and such, to make the system overall more secure. SELinux is no app or antivirus. Also, the newer version of Android protects against the signature flaw, and will block installation of apps whose certificate has been tampered with. Also, Android has a built-in "antivirus" which checks if the apps are malicious before installing them.
The certificate issue is resolved in 4.3, and in custom firmwares such as CyanogenMod. Also it's easy to patch yourself if you are rooted.
Please don't double post: use the edit button instead. -TheMatrix
TheMatrix
September 7th, 2013, 07:06 PM
By sideloading I mean installing apps from sources other than the Google Play store, by simply editing an option in the settings. Most malware spreads from outside of Google Play. Now it's even easier to get infected outside Google Play because of the Androrat packer, which allows a user to pack an app with another app, so both apps get installed.
I suppose you could do the same on Windows Phone, yet I haven't found anything that seems critical of that (or have Microsoft security problems just become normal to us?).
SELinux is a part of the kernel in the newer Android version, and does protect against exploits to gain access to system files and such, to make the system overall more secure.
It's been in most Linux distributions for years.
SELinux is no app or antivirus. Also, the newer version of Android protects against the signature flaw, and will block installation of apps whose certificate has been tampered with.
See, that's what it did before the certificate fiasco as well. It's only a matter of time before that gets cracked or stolen in some way.
wizzz
September 8th, 2013, 03:35 PM
I suppose you could do the same on Windows Phone, yet I haven't found anything that seems critical of that (or have Microsoft security problems just become normal to us?).
The reason for that is that Windows Phone is closed down and that it's not really a popular mobile operating system, and isn't really commonly used. There aren't that many phones being sold with Windows Phone either. The cyber criminals don't really get anything out of trying to spread malware on Windows Phone.
It's been in most Linux distributions for years.
Yes, but it has recently been added into the Android Open Source Project to protect against exploits to access system files and such.
See, that's what it did before the certificate fiasco as well. It's only a matter of time before that gets cracked or stolen in some way.
The certificate didn't get stolen / cracked; the only thing they found out was that there was a way to tamper with applications without breaking the certificate, so that they wouldn't need to re-sign that application with a new key or a test key. All Android apps have a certificate and are signed; if the app isn't signed it will not be able to be installed without root access to the system partition. That flaw has been patched like I said, and most manufacturers are pushing out the fix for this exploit / flaw.
CharlieHorse
September 8th, 2013, 03:54 PM
If you get a virus or malware on your phone, then I'd call it natural selection. You probably shouldn't have the phone anyway. You have to be pretty dumb to click on or download something that advertises super-duper things.
TheMatrix
September 8th, 2013, 11:34 PM
The reason for that is that Windows Phone is closed down and that it's not really a popular mobile operating system, and isn't really commonly used. There aren't that many phones being sold with Windows Phone either. The cyber criminals don't really get anything out of trying to spread malware on Windows Phone.
Really? I know one or two people here who beg to differ!
And enough people seem to be walking around with them. Enough that Microsoft can continue to make advertisements for it.
Yes, but it has recently been added into the Android Open Source Project to protect against exploits to access system files and such.
It came too late, but adding it doesn't necessarily help.
The certificate didn't get stolen / cracked; the only thing they found out was that there was a way to tamper with applications without breaking the certificate, so that they wouldn't need to re-sign that application with a new key or a test key.
Then the certificate or the method of signing the applications was faulty. Any signature mechanism worth its salt (ba-dum-tss!) can detect very small changes. Done properly, there are LOTS of extra steps that one must take to keep the signature the same.
All Android apps have a certificate and are signed; if the app isn't signed it will not be able to be installed without root access to the system partition. That flaw has been patched like I said, and most manufacturers are pushing out the fix for this exploit / flaw.
Well not for me they're not. Unless T-Mobile decides (or has already decided) to remotely push an update to my phone without my knowledge (they did that once). I believe that is the bigger issue: it is essentially remote code execution.