LONDON: We’re all used to hearing about how horrible malware is on Android, but a new report is the most disturbing yet.
Security firm G Data is projecting that not only will new Android viruses and exploits reach new heights in 2017, but a new one will be discovered once every 10 seconds. But before you toss your Android phone in the trash, let’s explore how bad it really is.
While 8,400 malware discoveries every day is certainly alarming, it’s important to know that they’re not coming from the Play Store. There are millions of Android phones around the world that connect to their own dubious third-party app stores, and millions more that side-load suspect apps to bypass paying for them through the Play Store, and that’s where nearly all of the 3.5 million malware instances will come from this year.
But that’s not to say you’re completely in the clear. Android is the most popular mobile OS by a wide margin, and with popularity comes malfeasance. Android will always be a target for hackers, and as such, Google has taken great strides in Nougat and Android O to limit the chance that your phone could get infected.
There’s just one problem: According to the May distribution numbers, just 7.1 percent of all Android phones are running Nougat, less than the 7.5 percent that were running Marshmallow at this time last year. That means they’re not only missing out on some great features, they’re also behind the times when it comes to security. Many of the phones bought last year will never get the latest update, and even a brand new flagship like the Galaxy S8 is still running an OS that’s several versions behind.
And while Google has set a new standard with monthly security updates that most manufacturers do a decent job with delivering, after a short while, those start lagging behind too. Even Google’s devices have a pretty short expiration date of just two years for version updates and three years for security patches, and right on schedule, the Nexus 6 and Nexus 9 are no longer being updated.
It’s one thing to withhold certain new features that the hardware can’t support, but security updates shouldn’t have such a short end-of-life date. Microsoft has vowed to support Windows 10 through 2025, but if you buy a Pixel today, you already know that it won’t get Android Q. And that means it won’t have the latest security measures to fend off future malware.
One step behind
Android O brings a pretty major change to how outside apps are installed. Previously you only needed to flip a single toggle to allow your phone to accept installation of apps from unknown sources, but with Android O, it’s on an app-by-app basis. So, if there’s a malicious app on your phone that’s trying to muck up your system, it won’t be able to inflict any damage unless you give it explicit permission.