91Èȱ¬

Android 'accounts for 79% of phone malware'

  • Published
Models display various smartphones
Image caption,

Google's Android system runs on a variety of different phones

Some 79% of malicious attacks on mobiles in 2012 occurred on devices running Google's Android operating system, US authorities have said.

Public information website Public Intelligence to US police and emergency medical personnel.

Nokia's Symbian system, on the Finnish company's basic-feature handsets, had had the second-most malware attacks.

Apple's iOS had had 0.7% of attacks.

Android is the world's most popular mobile operating system, and the memo blamed its high share of attacks on its "market share and open-source architecture".

Text trojans - malware that sends SMS messages to premium-rate numbers without the phone owners' knowledge - accounted for half of the Android attacks on old versions of the system.

The memo also cited fake sites that appeared to be like Google's Play marketplace and "rootkits" that allowed hackers to track a user's keystrokes and passwords.

It said 44% of Android users were still using older versions of the operating system - specifically 2.3.3 through 2.3.7, dubbed Gingerbread and released in 2011.

These have a "number of security vulnerabilities that were fixed in later versions", the memo added.

"The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date," it said.

'Master key' exploit

Apple has said that more than 93% of the 600 million iPhones and iPads sold run iOS 6, the latest version of the operating system.

The next version is expected to be released to the public next month.

This is the not the first time the open nature of Google's popular phone software has been questioned.

Security firm Symantec noted last month that a "master key" bug - which allows attackers to take control of Android phones - was being exploited in China.

The bug exploited a vulnerability in all Android apps, which contain an encrypted signature that the operating system uses to check the program is legitimate and has not been tampered with.