Mobile security plays an increasingly important role in the protection of information assets, and this applies to both home and corporate users. So, this publication will focus on analyzing the mobile security landscape based on statistics obtained during the first six months of 2018.
In terms of Android vulnerabilities, 322 security flaws were published up to June of this year, 38% of the total vulnerabilities reported for this platform in 2017, a year in which the amount of Common Vulnerabilities and Exposures (CVEs) reached an historical peak of 842 published flaws. This data indicates that the record will not be broken for the second time in a row in 2018.
What’s more, 23% of the flaws published in 2018 were critical and 13% of them allowed malicious code to execute. This is a considerable improvement on previous years, in which the percentage of critical flaws was significantly higher. At any rate, it is important that users install security patches on time, in order to avoid being affected by serious vulnerabilities, such as those patched by Google last April.
The good news is that the number of malware detections has dropped by 27% compared to the first half of 2017, and by almost 13% compared to the second half of last year, which is perhaps a result of the efforts Google and security researchers have implemented to detect threats and prevent them from spreading.
However, despite having fewer detections, the number of new variants of malicious code for Android continues at around 300 new samples monthly. Another interesting fact is that Android turned out to be the fourth architecture with the most new variants of malware, after Win32, MSIL, and PDF.
Of the threats we’ve been hearing about lately, we’ve found possible variants of Satori and the recent banking Trojan, Exobot. We’ve also seen how credit cards have been the target of numerous malicious apps in Google Play. And we’ve even witnessed major infections of smart TVs running versions of Android TV that tried to mine cryptocurrencies.
In the first half of 2018, Android malware detections were concentrated worldwide in Iran (16%), Russia (14%), and Uganda (8%). The first Latin American country to appear in the international ranking was Mexico (3%) in seventh place, followed by Peru (2%) in tenth place.
Taking into account detections only in Latin American countries, in 2018 the countries with the highest detections were Mexico (25%), Peru (17%), and Brazil (11%).
For iOS, 124 vulnerabilities were published in 2018, which represents 32% of the number of flaws detected for this operating system in 2017 and less than half of those found in Android during the current year. This seems to indicate that the number of vulnerabilities will not exceed the figure obtained in 2017 for both Android and iOS. The percentage of severe flaws is similar to Android, with critical vulnerabilities at 12%.
Apart from that, malware detections for iOS decreased by 15% compared to the first half of last year, but increased by 22% compared to the second half of 2017. The number of new variants of malware continues to be very low, which indicates that we are probably seeing echoes of known malware.
In terms of the geographic distribution of these detections, the data shows that they are mostly concentrated in China (61%), Taiwan (13%), and Hong Kong (3%). In this regard, there were no real changes with respect to what we saw in previous years.