In 2018 alone, mobile phone users downloaded applications more than 205,000 million times. It is not uncommon for the week that we talk about a vulnerability that has affected an Android or iPhone application, but one of the latest studies on mobile security reveals that there are a huge number of applications that present vulnerability problems, endangering our data personal It also banishes one of the great myths, which ensure that iOS is a much safer platform than Android.
Specifically, this is the annual report of Positive Technologies, a global security solutions provider specializing in vulnerability detection and threat management, in the world of telecommunications. The newly presented study reveals that an attacker rarely needs to have physical access to our smartphone in order to steal personal data. Tests conducted on iOS and Android show that insecure data storage is the most common security flaw in mobile applications on both platforms.
Android vs. iOS
Specifically, critical vulnerabilities are slightly more common on Android, reaching 43% versus 38% of iOS. Insecure data storage has been identified as the most common vulnerability exploited by malware, since it is found in 76% of mobile applications and on certain occasions it could make it easier for hackers to steal financial information, passwords, personal data or emails. Of all the vulnerabilities found 89% could be exploited by malware, a risk that according to the study, increases in jailbroken or rooted devices.
With regard to Android, 74% of security flaws come from the application side, while 42% are from the server or even a combination of both. For Leigh-Anne-Gallow, head of cyber-security at Positive Technologies, they pay special attention to software design, paying less attention to security problems that may be present in the code. The recommendations released by security experts go through avoiding opening unknown links in SMS and chat applications, as well as not downloading applications from third-party stores.
The most dangerous
Both iPhone and Android have a recent and past history of virus and malware infections. Some of the most dangerous for iOS have been detected by major security laboratories, or reported by a user when it was too late. Wirelurker is considered the most dangerous malware for iOS, capable of stealing all personal data including contact addresses or text messages, in addition to taking control of the device. It spreads via USB and it is not necessary in this case to have jailbreak. In the dangerous field of “ramsonware” iPhone has not been spared attacks like KeRanger, which spreads through a BitTorrent file download client and takes control of the device, asking cyber-criminals for a ransom to unlock it.
Android is also full of similar examples. A few months ago the BeiTaAd or BeitaPlugin strain was intercepted, a malicious software that will go down in history because it is one of the most difficult to detect and easily pass security systems to infect 238 different applications on Google Play. Zoopark has been another one of those viruses, detected by Kaspersky and that is able to track our activity, see all WhatsApp or Telegram messages and even record our calls. Another of the most dangerous “angels” detected on Android is Skygofree, which can steal any information from our mobile and even connect to Wi-Fi networks that are managed by hackers. However, following the basic safety recommendations, we can be “calm” in the face of all these types of threats.