Google is on a project to bridge the gap with the iPhone, with a number of new Android security features now coming to devices, as some of its security gaps are nonetheless closed. But the ecosystem is far from protected: more than 750 million devices are now vulnerable to attacks. But it may be that Google’s latest update is the latest push for those users to update their devices.
While it’s “interesting” to find that “iOS devices are more exposed to phishing and Internet content risks than Android,” Android headlines, the newest cellular risk report from the Lookout team paints a pretty clear picture. Much bleaker picture for Google’s Android than Apple’s Android.
Lookout flagged the ten “most common mobile browser vulnerabilities,” all of which (unsurprisingly) targeted “Chromium-based browsers.” While that means Chrome, Edge, Opera and more, it really means Chrome, which alongside Safari commands a 90% share of the mobile browser market.
All five of the “most common mobile app vulnerabilities” identified by Lookout’s device scanning also targeted Google’s Android OS, notwithstanding 2004’s “record numbers of iOS zero-day vulnerabilities.” What’s of particular note is spyware. Five of the seven “most critical threat families” identified during Q3 reporting period were spyware, as were half of the most encountered malware families. Lookout says it detected more than 100,000 malicious apps on enterprise devices in the period, which is an alarming increase of almost 33% from the prior quarter.
There have been a succession of Android zero days this year, which have highlighted the demanding update situations of Google’s eco-formula (OEM, model, region, carrier), anything compared to everyone’s technique for Apple. Although devices lacking operating formula versions are a bigger threat on iPhone than Android, reports find it to be a minor factor among companies. An Android operating formula, when added to the threats inherent in downloading applications, is a huge threat to the user and their employer.
Earlier this year, Zimperium’s Global Mobile Threat Report warned that 14% of Android devices used within enterprises “cannot be upgraded, leaving them susceptible to exploitation.” The researchers flagged the risk for iPhones at a much lower 1%. Zimperium also reported that 18% of Android devices are now running versions of the OS that can no longer be upgraded, broadly the same for iPhone.
But as Zimperium’s Nico Chiaraviglio told me, “Android faces top malware basically because of its open ecosystem, which allows third-party app outlets and side app: “Even if” the Apple’s App Store creates a ghost of the best security, malicious and programs that violate Apple’s usage situations and spend 0 days a day.
And while Google’s Android 15 brings huge innovations, Chiaraviglio warns that “Android’s open architecture will continue to provide more attack vectors than iOS’s controlled ecosystem. The fragmented nature of Android updates across vendors and carriers may have an effect on the effectiveness of those protection innovations in expanding the number of insects that can be used.
According to StatCounter, while 56% of Android phones run Android thirteen or newer, one in four run Android 11 and 12, and 10% run Android nine and 10. Google ended Android nine in 2021, Android 10 in 2023 and Android 11 in February of this year. That means about one in four phones with end-of-life versions, or 750 million out of 3 billion Android phones.
It is evident that there is a challenge that is not resolved without problems. And it is not exclusive to Android: it is enough to take a look at Microsoft’s difficulties to make the transition from users to Windows 10 as the end of their useful life approaches. But mobile devices in the Byod era pose unique risks. It is carried out daily throughout the company, largely under the user and outside the total reach of you.
As Eset’s Jake Moore warned, replaced operating systems can be left vulnerable to attack as criminals look for vulnerabilities that haven’t been patched and target people’s data. They would possibly be safe for the first few weeks or even months after their completion, but over time, even if the devices appear healthy, they can also be attacked without problems through newly located vulnerabilities. “
All told, those 750 million users must act now and upgrade their devices. If the growing threat from spyware is not enough, Google is now stepping in to fix the issue. As I reported earlier this month, its Play Integrity API will ramp up from 2025 for “all devices running Android 13 and above to make it faster, more reliable, and more private for users… making it significantly harder and more costly for attackers to bypass.” It’s a Google clampdown on spyware and other malware intended to hit at source.
Google’s spyware policy is under more scrutiny than ever in light of the most recent attacks. This new measure will isolate older versions of Android, meaning banking, business, and other sensitive apps will likely not work or restrict what can be done on older versions. of Android. These changes will be mandatory in May and will have a much larger impact than the 750 million end-of-life devices.
Android is changing—the days of aged versions of the OS running endlessly are coming to an end.
One Community. Many Voices. Create a free account to share your thoughts.
Our network is about connecting other people through open and thoughtful conversations. We need our readers to share their reviews and exchange concepts and facts in one space.
To do so, please comply with the posting regulations in our site’s terms of use. We summarize some of those key regulations below. In short, civilians.
Your message will be rejected if we realize that it seems to contain:
User accounts will be locked if we become aware or if users are compromised:
So, how can you be a power user?
Thank you for reading our Community Guidelines. Please read the full list of posting regulations discovered in our site’s Terms of Use.