Despite recent efforts by Google to address Android security vulnerabilities through a series of software patches, mobile handset providers are not demonstrating the urgency required to bring these fixes to all of their users. As a result, app providers themselves need to take the initiative and implement their own measures to keep user data safe. This is according to Norwegian app security firm Promon.
Google’s recently published Android Security 2015 Annual Report said that, despite steps to introduce patches to combat issues such as last year’s Stagefright bugs, 29 per cent of the unique Android models available to the public are not supported to receive these regular updates. This tardiness on the part of many handset vendors is leaving millions of users at risk of cybercrime, and shows that it is time for app developers to take security matters into their own hands, the firm says.
Tom Lysemose Hansen, founder and CTO at Promon, said: “Google has upped its game and is doing its part to address the glaring vulnerabilities that bugs such as Stagefright exposed. But once these patches are produced, it’s then up to individual handset vendors to make sure the updates are customised for each device and then rolled out to users. Google’s own Nexus devices now receive these updates, but adoption amongst other vendors has been – for want of a better phrase – patchy.”
Symantec’s 2016 Internet Security Threat Report has shown a 77 per cent year-on-year growth in the number of new Android mobile malware variants. This indicates that Android-focused hackers have established themselves as a serious threat, and are now concentrating on refining their craft.
Hansen added: “The Android threat landscape is a rapidly evolving one, and hackers are much savvier now than they once were. As a result, delaying in making regular patches available can have serious consequences in terms of increased data theft and fraud. This can cause significant damage to the reputations of handset vendors and, by association, app providers.”
To address these issues, Hansen believes that app providers should take matters into their own hands, by taking steps to protect their own apps.
He said: “Google’s report has shown that it’s very difficult to rely on handset providers to make security patches available swiftly and efficiently. By introducing self-defending app software, providers can take charge of their customers’ data security by protecting their apps from any threats that may have found their way onto a user’s device. What app developers need to realise is that they represent a crucial cog in the Android cybersecurity machine. With handset developers representing an unreliable and inefficient medium through which data can be secured, it’s time for the app makers themselves to step up. Hackers are refining their craft; it’s now up to the app providers to refine theirs.”
