The Debate: Google’s Android Security 2016 Year In Review report


Google released its Android Security 2016 Year In Review report yesterday and it threw up some very interesting perspectives.

The most interesting one, and also the most controversial, is that just 50% of all Android devices received a security update last year. While we can spend hours debating whether the news is good or bad, here is the industry perspective on it.

Just 50% of Android smartphones received a security patch in 2016

Good:

Chris Hodson, EMEA CISO at Zscaler

‘While some may argue that only half of all Android devices receiving a security update in the past year is nowhere near enough, it’s important to remember that Rome wasn’t built in a day. Cyber security is iterative and 50 per cent shows a dramatic increase compared to previous years. This is likely as a direct result of the prioritisation of security updates from phone carriers and the “over-the-air” update process of Android 7.0, which streamlined the boot-up process.

‘With BYOD well and truly entrenched in the modern organisation, the importance of securing devices which may connect to the corporate network becomes critical. Unfortunately, you cannot patch user awareness. Security updates are just one part of the solution, as without education and awareness, gaps will remain and threats will persist.

‘This user education should extend beyond just the need for security updates but also to highlight the dangers of third party app stores and the installation of applications with overly permissive rights. The Google report, as well as our own Threatlabz research, shows that most malware comes from third party app stores.

‘Reports such as this one serve as a valuable benchmark for the industry and increase collaboration and discussion. While there is still some way to go, shifting from 10 per cent to 50 per cent in a 12-month period is a metric any CISO would be proud of.’


Bad:

David Kennerley, Director of Threat Research at Webroot

‘The report might show that half of Google’s devices are patched as an improvement on previous years, but it really isn’t enough.

‘Android devices account for two thirds of devices globally, which means that a third of the world’s mobiles aren’t secure. This combined with the fact in our own research we’ve found Android apps pose a five-times-greater threat than others, then it really isn’t a pretty picture.

‘There’s no single solution to this issue, we continue to witness malicious apps appearing on Google’s official Play Store, though this should always be seen as the safest method to download new apps rather than third party stores. Malicious apps target older versions of Android, so people with older devices or those who have not updated their software are most at risk of being affected.

‘The Android Stagefright vulnerability served as a huge wake-up call and in many ways forced Google into the real world with regards to a more responsive and transparent patching lifecycle. It’s great that a number of phone manufacturers are now partnering with Google in the releasing of timely updates thereby improving security.

‘But the fact is, Android is still lagging far behind iOS in terms of security, the app stores are not as stringent and hackers tend to focus efforts on Android as it’s known as the weaker link.’

Copyright Lyonsdown Limited 2021
