Kaspersky: Android is the new Windows
The security situation on Android looks more and more like the security situation in Windows. This is the opinion of the security experts at Kaspersky in their Malware report for the first quarter of 2011. They expand on that comparison, first noting that there is already a "plethora of Android devices" with outdated software and that this software can contain unpatched vulnerabilities.
The update policy of negligent manufacturers is criticised because the manufacturers can sell vast amounts of Android devices into the market and leave them with old and vulnerable versions of Android having little interest in supporting rapidly obsoleted models. "Is it possible to seriously discuss security in circumstances such as these?" asks the report. Google's own information shows that over 95 per cent of Android devices are not running the latest version of Android.
The next similarity with Windows was that users tend to ignore security alerts when any application is installed or launched for the first time, giving them privileges such as SMS by merely rubber-stamping approval without the consequences being clear. The devices most at risk were, according to Kaspersky, those which had been jailbroken (or "rooted") to give the user full administrator level access to the system.
Kaspersky also points out that mobile malware is moving to command and control style networks which it believes will lead to the emergence of mobile botnets, mirroring the evolution of Windows malware. Finally, the experts note that although Google has the ability to remove rogue applications remotely, those control systems can be bypassed.
That said, Kaspersky belives that the amount of new mobile malware will double, from 500 last year to just over a thousand this year. While the rate of growth is rapid, it is nowhere near the unmanageable levels of Windows, but it still poses a disturbing trend as devices are likely to become mobile wallets in the near future and already hold a lot of personal and work-related information.