Friday, April 22, 2016

Still far from malware free in Google Play – digi.no

This week Google released a new edition of the company's annual security report for Android, this time covering 2015. The description of the malware situation is the most interesting part.

Although the company has introduced manual review in addition to automated review of apps distributed through Google Play, far more than just a handful of users still install what Google calls potentially harmful applications (PHA, Potentially Harmful App). In practice, PHA comprises all apps with one form or another of unwanted functionality. Google describes the term and its categories in detail in this separate document.

The company states that PHAs were installed on fewer than 0.15 percent of the devices that only have apps from Google Play, while the share is 0.5 percent for devices that also have apps from outside. Devices that are not connected to Google Play are not included in the survey.

There is thus no doubt that it is far riskier to download apps from outside Google Play than from inside it, but the risk is also present for those who stick to Google Play only.

Yet many

0.15 percent may not sound like much, but given that there are more than 1.4 billion active Android devices (figure from September 2015), this means that PHAs were installed from Google Play on over 2 million Android devices last year. However, according to Google, the company recorded a decrease to 40 percent in the number of attempted PHA installations from Google Play between 2014 and 2015.

The reduction applies to all major categories of PHA except Trojans, where the Ghost Push family was almost totally dominant.

The categories aggregators, spyware, malicious downloaders and SMS fraud have, however, become significantly less prevalent.

Vulnerabilities

In the security report, Google also discusses the relatively new system of monthly security patches for Android, which came about after security researchers began looking for (and finding) vulnerabilities in the operating system to a greater extent than before, perhaps partly because of the bounty scheme for Android vulnerabilities that Google launched in June last year.

During 2015, 173 security fixes were issued for Android, most of them in the period from August to December.

However, far from all recent Android devices receive these updates. Samsung is among the companies that promise monthly updates, but only for selected models.

Google's security officer for Android, Adrian Ludwig, has repeatedly stressed that although many of the vulnerabilities that have been discovered in and removed from Android are serious, they are at the same time very difficult to exploit. This is partly due to new security technology that has arrived in Android in recent years.



Fragmentation helps

But there is also another factor that makes it less serious that not all Android devices receive security updates, namely what is commonly called the fragmentation of the Android platform.

There are thousands of different Android devices, often with a customized version of Android and varying versions of the Linux kernel and libraries.

In his talk shown in the video above, a recording from the Black Hat Asia conference held just under a month ago, hacker Dino Dai Zovi says that attack code that can exploit vulnerabilities such as those in the much-discussed Stagefright libraries must use memory addresses that are firmware-specific.

That is, a given piece of attack code can probably only be used to attack a specific version of a product with a specific version of Android (see the recording at 42 minutes and 30 seconds).

– Android fragmentation is a massive security benefit, and it is here that the diversity that comes from being open source actually helps, said Zovi.

– The same vulnerability affects a billion units, but it requires an enormous investment of time to develop something that will be useful for the attacker, he said.
