or Connect
AppleInsider › Forums › Mobile › iPhone › Apple's Phil Schiller plugs security report showing 99% of mobile malware targets Android
New Posts  All Forums:Forum Nav:

Apple's Phil Schiller plugs security report showing 99% of mobile malware targets Android

post #1 of 53
Thread Starter 
Apple's marketing chief took to Twitter on Tuesday to promote the 2014 edition of Cisco's Annual Security Report, presumably in a bid to draw attention to the report's finding that 99 percent of mobile device-targeted malware is directed at Android.

Schiller tweet


Schiller offered a link to the report sans comment, a common practice for the executive since joining Twitter in 2008. Tuesday's tweet marks the second time Schiller has referenced Cisco's yearly missive after he directed followers to the 2013 edition last year.

The report notes that while malicious software aimed at specific mobile devices comprised just 1.2 percent of malware tracked by Cisco in 2013, it is a growing area of concern. Android devices bore the brunt of those attacks, with J2ME-enabled devices --?like Nokia's Asha series --?second on the list.

Cisco report


Social engineering attacks, such as phishing and likejacking, are said to be far more prevalent. Malware authors use these methods to access accounts and collect personal identification, like social security and credit card numbers, to commit financial crimes.

The gulf between Android and iOS is narrower, but still enormous, when these non-targeted attacks are considered.

"An analysis of user agents by Cisco TRAC/SIO reveals that Android users, at 71 percent, have the highest encounter rates with all forms of web-delivered malware," the report says, "followed by Apple iPhone users with 14 percent of all web malware encounters."
post #2 of 53
But...but...but... Android is "open", it's "Free", and Apple is "Walled Garden", "no choice"!!


Is Cisco implying that Android is less secure than iOS?? But...but... that's not what I'm hearing..

http://www.dailytech.com/Googles+Eric+Schmidt+Says+Android+is+More+Secure+Than+iPhone/article33515.htm

edit: Got my Os's all mixed-up... :/
Edited by sflocal - 1/21/14 at 2:51pm
post #3 of 53

Report download button seems to be borked for me; it redirects me to an unresponsive thank-you page. Has anyone else succeeded in downloading the report?

post #4 of 53
Why pay for an AI subscription when we can simply follow Schiller for free? This isn't Daring Fireball, guys.
Citing unnamed sources with limited but direct knowledge of the rumoured device - Comedy Insider (Feb 2014)
Reply
Citing unnamed sources with limited but direct knowledge of the rumoured device - Comedy Insider (Feb 2014)
Reply
post #5 of 53
Quote:
Originally Posted by sflocal View Post

But...but...but... Android is "open", it's "Free", and Apple is "Walled Garden", "no choice"!!


Is Cisco implying that Android is less secure than Android?? But...but... that's not what I'm hearing..

http://www.dailytech.com/Googles+Eric+Schmidt+Says+Android+is+More+Secure+Than+iPhone/article33515.htm

The operative word is target, it's definitely more targeted, now whether the attempts hit their mark is another story.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #6 of 53
Quote:
Originally Posted by sflocal View Post

Is Cisco implying that Android is less secure than Android??

 

Not likely.  Even if you mean to say, "Is Cisco implying that Android is less secure than iOS??" the answer is still the same.  If one were to use that logic then Windows Phone is more secure then iOS as it's targeted less.  I don't think many here would agree with that conclusion.

post #7 of 53

Yo dudes, you Apple fans make me sick to my stomach!

 

There are hardly any malware issues on Android at all! My Android phone has no issues at all.

 

I am so damn cheap (being an Android user of course), that my solution is simply not to connect to the internet at all. I don't use the internet at home and I especially don't use it on flights. 

 

And for those rare times when I do need to connect, I simply run shady anti-virus and anti-malware software which I illegally downloaded from some Chinese site.

 

So there you have it Apple fans, Android is the way to go. And besides, I have $3.50 in my bank account, so there's nothing much to lose if somebody were to hack my phone. 

 

Apple users pay way too much for their devices. Every penny saved is a fortune for Android users such as myself. I'd love to chat more, but I'm off to eat my ramen noodles dinner right now. I'm heating it up at my neighbors house, so I don't have to use my own stove. 

post #8 of 53
Wow, I'm definitely switching to Windows Phone!

j/k
post #9 of 53

I personally don’t like this sort of thing from Apple. Talking trash about your competitor means you’re worried about them. Phil, shut your pie hole and let us the faithful take care of the hatchet jobs.

post #10 of 53

Seems about right. 

 

Android has over 80% of the global market, and encounters about 71 percent of the attacks.

Apple has 12% of the global market and encounters 14% of the attacks.

post #11 of 53
Quote:
Originally Posted by Apple ][ View Post

 

There are hardly any malware issues on Android at all! My Android phone has no issues at all.

I went with Android over price. I don't think you should be so quick to try and stereotype users. I'm pretty happy with the state of protection on Android as is. I've encountered dodgy banner ads on sites that try and install malware, but generally what they do is present a ridiculous list of steps to follow. One of these steps is always to disable the security option on your phone.

 

I feel the only way that you can avoid being insecure if people are willing to do that is to go with Apple's approach. That comes with a whole bunch of added costs and complexities that I don't think Google wants to deal with.

 

Your chances of getting malware on either platform are pretty damn low, but on Google's products you can actively harm things if you follow instructions blindly. That's generally not the case on Apple's products.

 

No need to paint it as a battle between stereotypical poor users and 'correct' Apple users. Just different approaches.

post #12 of 53

I can't be the only one to notice that the graphic breaks out the Iphone Ipad and Ipod individually.  If you added them together they would be much closer to the bar representing android.

post #13 of 53

What point is he trying to make? I don't like this cockiness he's displaying. To me, it sounds like he's playing the for Apple to win, Android has to lose game. Why not just shut up, stay on task and beat them. Don't worry about them, focus on what you do and do it very well. 

 

Also, all this is doing is asking for iOS to get their fair share of malware and don't say it can't happen because these people aren't stupid. They'll find a way for it to happen. Its only a matter of time. 

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply

Mac Mini (Mid 2011) 2.5 GHz Core i5

120 GB SSD/500 GB HD/8 GB RAM

AMD Radeon HD 6630M 256 MB

Reply
post #14 of 53
Quote:
Originally Posted by ItsTheInternet View Post
 

I went with Android over price. I don't think you should be so quick to try and stereotype users. I'm pretty happy with the state of protection on Android as is. I've encountered dodgy banner ads on sites that try and install malware, but generally what they do is present a ridiculous list of steps to follow. One of these steps is always to disable the security option on your phone.

 

I feel the only way that you can avoid being insecure if people are willing to do that is to go with Apple's approach. That comes with a whole bunch of added costs and complexities that I don't think Google wants to deal with.

 

Your chances of getting malware on either platform are pretty damn low, but on Google's products you can actively harm things if you follow instructions blindly. That's generally not the case on Apple's products.

 

No need to paint it as a battle between stereotypical poor users and 'correct' Apple users. Just different approaches.

 

Did you see how malware companies are buying up Chrome extension makers?

 

They do this because they can "update" the chrome extensions to include whatever they want and push them out to Android devices with no user awareness, at all.

 

Fun times, enjoy your malware laden piece of junk.

Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #15 of 53
Quote:
Originally Posted by hill60 View Post
 

 

Did you see how malware companies are buying up Chrome extension makers?

 

They do this because they can "update" the chrome extensions to include whatever they want and push them out to Android devices with no user awareness, at all.

 

Fun times, enjoy your malware laden piece of junk.

Such are the perils of auto-updating. Regardless it happened to I think a total of two extensions. This is nothing to do with the topic of this thread though, as they are for Chrome, a browser. One that works on basically every platform.

post #16 of 53

You guys are ridiculous, I use a Model 500 phone, it's the coolest phone out there and a definite head turner. It is more secure than an iPhone, Android, Windows, and BB. You guys overpay for everything, do yourself a favor and get yourself one. I'm however finding it difficult to find a case and screen protector for it.

http://en.wikipedia.org/wiki/Model_500_telephone

bb
Reply
bb
Reply
post #17 of 53
@frood
"Seems about right.

Android has over 80% of the global market, and encounters about 71 percent of the attacks.
Apple has 12% of the global market and encounters 14% of the attacks."


Then how does your logic explain that all holiday shopping was five times greater on iOS than on using an Android device?
post #18 of 53
Quote:
Originally Posted by veggiedude View Post


Then how does your logic explain that all holiday shopping was five times greater on iOS than on using an Android device?

Well it makes sense that people buying the product at the high end of the market would be more likely to have cash to spend on shopping. There's also the fact that iOS occupies a very high marketshare in the US vs a lot of the world.

post #19 of 53
Quote:
Originally Posted by lkrupp View Post

I personally don’t like this sort of thing from Apple. Talking trash about your competitor means you’re worried about them. Phil, shut your pie hole and let us the faithful take care of the hatchet jobs.
Quote:
Originally Posted by macxpress View Post

What point is he trying to make? I don't like this cockiness he's displaying. To me, it sounds like he's playing the for Apple to win, Android has to lose game. Why not just shut up, stay on task and beat them. Don't worry about them, focus on what you do and do it very well. 

Also, all this is doing is asking for iOS to get their fair share of malware and don't say it can't happen because these people aren't stupid. They'll find a way for it to happen. Its only a matter of time. 

It's called marketing.

He's just doing his job.
Android: pitting every phone company in the world against one, getting a higher number, and considering it a major achievement.
Reply
Android: pitting every phone company in the world against one, getting a higher number, and considering it a major achievement.
Reply
post #20 of 53
Quote:
Originally Posted by veggiedude View Post

@frood
"Seems about right.

Android has over 80% of the global market, and encounters about 71 percent of the attacks.
Apple has 12% of the global market and encounters 14% of the attacks."


Then how does your logic explain that all holiday shopping was five times greater on iOS than on using an Android device?

Viruses on iOS.

ShopbotGate.

1wink.gif
Android: pitting every phone company in the world against one, getting a higher number, and considering it a major achievement.
Reply
Android: pitting every phone company in the world against one, getting a higher number, and considering it a major achievement.
Reply
post #21 of 53

What about web usage among users? Why do Android users (despite their vast numbers) do not USE their devices for the very purpose it was designed for... to browse the web?

 

 

For Q1 2013:

 

iPad 89.28% vs Android 10.71% (I included Kindle stats with Android)

 

iPhone was 63.20% vs Android 35.52%

 

http://www.smartinsights.com/mobile-marketing/mobile-marketing-analytics/mobile-marketing-statistics/

post #22 of 53
Quote:
Originally Posted by lkrupp View Post

I personally don’t like this sort of thing from Apple. Talking trash about your competitor means you’re worried about them. Phil, shut your pie hole and let us the faithful take care of the hatchet jobs.

He isn't lying unlike Creepy Eric.
post #23 of 53
Quote:
Originally Posted by macxpress View Post

What point is he trying to make? I don't like this cockiness he's displaying. Why not just shut up, stay on task and beat them. Don't worry about them, focus on what you do and do it very well. 
I'm actually surprised Phil isn't posting things like this every 3 minutes.

Imagine watching something you passionately worked on, endless hours, sacrificed time with family, etc. to then have it copied & then watch the press claim your company and your work isn't innovating.

When the products you've worked on are the only consumer technology products that have actually mattered for the last 12-15 years.

It would piss me off! He's sick of it! He's pissed! I don't blame him!

It's like looking at a Ferrari (iOS) and saying that Datsun (Android) over there has the same paint so their the same!
post #24 of 53
Quote:
Originally Posted by veggiedude View Post
 

What about web usage among users? Why do Android users (despite their vast numbers) do not USE their devices for the very purpose it was designed for... to browse the web?

I thought we weren't supposed to trust these metrics. Besides I very much doubt abstract stats like this capture use too well. For example I am often on my desktop PC vs my tablet/phone. Just because I don't use it to browse the web doesn't mean I'm unhappy with it, or I don't value it. I honestly don't get the argument.

post #25 of 53
Quote:
Originally Posted by GTR View Post


It's called marketing.

He's just doing his job.
I would take it a step back from that. The two you are responding to are whining that he is pointing out the flaws in Android, when it may just be that he is drawing attention to how well iOS devices ranked on the report. It is perfectly valid for him to point this out as it is from a respectable and well reputed vendor. And as he posted it without comment, any people complaining that he is somehow doing a hatchet job or mud slinging are truly inferring from his post as it is in no way implied.
NoahJ
"It is unwise to be too sure of one's own wisdom. It is healthy to be reminded that the strongest might weaken and the wisest might err." - Mahatma Gandhi
Reply
NoahJ
"It is unwise to be too sure of one's own wisdom. It is healthy to be reminded that the strongest might weaken and the wisest might err." - Mahatma Gandhi
Reply
post #26 of 53
Quote:
Originally Posted by GTR View Post


It's called marketing.

He's just doing his job.

I don't think his job is marketing.

Edit: Oops it sure is. lol.gif
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #27 of 53
Apple reported 700 million iOS devices around the end of October.
Google reported 1 billion around that time.

It really doesn't make sense that Android would have more attacks because of device ownership, especially in light of the usage statistics and the fact that many Android devices are pretty much dumbphones. The Cisco report seems to be online here:

https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf

It says 98% of Android malware is with SMSSend, which can:

- Steal your contacts and pictures
- Track your location
- Access your text messages
- Log your keystrokes and passwords
- Send SMS messages to premium numbers without your knowledge that can result in a very high phone bill
- Fake legitimate banking applications and steal your personal banking information when you log in

Most of that should be normal to Android users, it's just the last two items are things Google wouldn't really do themselves.

Anyway, it's really the infection rate that's important and Cisco doesn't seem to go into detail about that. Google doesn't seem to think it's a problem and the stats given here show quite a low infection rate:

http://www.informationweek.com/mobile/google-dont-fear-android-malware/d/d-id/1111863?

"Google's Android chief of security Adrian Ludwig, who reported that only 0.001% of apps downloaded by Android users pose any harm to their devices or data.

The Google statistic includes not only apps downloaded from Google Play, but any app installed by a user on his Android device. Ludwig used the finding to argue that Google's approach to app installation -- in essence, anything goes -- is a better system than Apple's walled-garden model, which requires all apps to be vetted before they can be downloaded and installed by users on their devices.

"A walled garden systems approach [to] blocking predators and disease breaks down when rapid growth and evolution creates too much complexity," the biologically minded Ludwig told the conference, reported Quartz. "Android's innovation from inside and outside Google are continuous, making it impossible to create such a walled garden by locking down Android at the device level."

Ludwig continued by likening Android's security model to how the Centers for Disease Control and Prevention (CDC) tackles real-world infections. "The CDC knows that it's not realistic to try to eradicate all disease. Rather, it monitors disease with scientific rigor, providing preventative guidance and effective responses to harmful outbreaks," he said.

Do Google's mobile malware infection statistics and approach add up?

A study released Monday by researchers at the Georgia Institute of Technology and security firm Damballa, "The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers," found that mobile malware "appears in a minuscule number of devices" in the two networks they studied. Those networks belonged to "a major U.S. cellular provider as well as a major U.S. non-cellular Internet service provider." In particular, just 3,492 out of more than 380 million devices exhibited signs that they'd been infected with mobile malware. That's fewer than 0.0009%, which is even lower than Google's finding, although Google's research encompassed devices from outside the United States, where mobile infection rates have historically been higher."
post #28 of 53
In the interest of full disclosure, Phil Schiller works for Apple. /s

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply
post #29 of 53
Quote:
Originally Posted by Marvin View Post

Apple reported 700 million iOS devices around the end of October.
Google reported 1 billion around that time.

It really doesn't make sense that Android would have more attacks because of device ownership, especially in light of the usage statistics and the fact that many Android devices are pretty much dumbphones. The Cisco report seems to be online here:

https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf

It says 98% of Android malware is with SMSSend, which can:

- Steal your contacts and pictures
- Track your location
- Access your text messages
- Log your keystrokes and passwords
- Send SMS messages to premium numbers without your knowledge that can result in a very high phone bill
- Fake legitimate banking applications and steal your personal banking information when you log in

Most of that should be normal to Android users, it's just the last two items are things Google wouldn't really do themselves.

Anyway, it's really the infection rate that's important and Cisco doesn't seem to go into detail about that. Google doesn't seem to think it's a problem and the stats given here show quite a low infection rate:

http://www.informationweek.com/mobile/google-dont-fear-android-malware/d/d-id/1111863?

"Google's Android chief of security Adrian Ludwig, who reported that only 0.001% of apps downloaded by Android users pose any harm to their devices or data.

The Google statistic includes not only apps downloaded from Google Play, but any app installed by a user on his Android device. Ludwig used the finding to argue that Google's approach to app installation -- in essence, anything goes -- is a better system than Apple's walled-garden model, which requires all apps to be vetted before they can be downloaded and installed by users on their devices.

"A walled garden systems approach [to] blocking predators and disease breaks down when rapid growth and evolution creates too much complexity," the biologically minded Ludwig told the conference, reported Quartz. "Android's innovation from inside and outside Google are continuous, making it impossible to create such a walled garden by locking down Android at the device level."

Ludwig continued by likening Android's security model to how the Centers for Disease Control and Prevention (CDC) tackles real-world infections. "The CDC knows that it's not realistic to try to eradicate all disease. Rather, it monitors disease with scientific rigor, providing preventative guidance and effective responses to harmful outbreaks," he said.

Do Google's mobile malware infection statistics and approach add up?

A study released Monday by researchers at the Georgia Institute of Technology and security firm Damballa, "The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers," found that mobile malware "appears in a minuscule number of devices" in the two networks they studied. Those networks belonged to "a major U.S. cellular provider as well as a major U.S. non-cellular Internet service provider." In particular, just 3,492 out of more than 380 million devices exhibited signs that they'd been infected with mobile malware. That's fewer than 0.0009%, which is even lower than Google's finding, although Google's research encompassed devices from outside the United States, where mobile infection rates have historically been higher."

Thank you for posting research-based evidence on infection rates.
post #30 of 53

" . . . Phil Schiller plugs security report . . . "

Tweeting a URL is hardly a "plug."

Much less "talking trash," "cocky," or "a hatchet job."

It's pretty quietly confident though!

post #31 of 53
Quote:
Originally Posted by bloggerblog View Post
 

You guys are ridiculous, I use a Model 500 phone, it's the coolest phone out there and a definite head turner. It is more secure than an iPhone, Android, Windows, and BB. You guys overpay for everything, do yourself a favor and get yourself one. I'm however finding it difficult to find a case and screen protector for it.

http://en.wikipedia.org/wiki/Model_500_telephone

At least you are not on one of those party lines where everyone was hacked. 

post #32 of 53
Quote:
Originally Posted by Apple ][ View Post
 

Yo dudes, you Apple fans make me sick to my stomach!

 

There are hardly any malware issues on Android at all! My Android phone has no issues at all.

 

I am so damn cheap (being an Android user of course), that my solution is simply not to connect to the internet at all. I don't use the internet at home and I especially don't use it on flights. 

 

And for those rare times when I do need to connect, I simply run shady anti-virus and anti-malware software which I illegally downloaded from some Chinese site.

 

So there you have it Apple fans, Android is the way to go. And besides, I have $3.50 in my bank account, so there's nothing much to lose if somebody were to hack my phone. 

 

Apple users pay way too much for their devices. Every penny saved is a fortune for Android users such as myself. I'd love to chat more, but I'm off to eat my ramen noodles dinner right now. I'm heating it up at my neighbors house, so I don't have to use my own stove. 

 

and using your neighbor's wifi to post this... 

post #33 of 53
Quote:
Originally Posted by dasanman69 View Post


The operative word is target, it's definitely more targeted, now whether the attempts hit their mark is another story.

 

Crooks go where the money is. If they're targeting Android it's not because they like Apple, hate Google or anything like that. It's pure business, and if their attacks weren't getting them anything in return (information, ID's, $$$) then they wouldn't keep doing it.

 

 

I read the report Marvin linked, and I'm skeptical of their methods. They are tracking the domains visited by mobile devices and then treating the "suspect" domains as malware. I doubt this method accurately catches all types of malware. For example, if I have an App that sends information out via SMS, then their study doesn't catch it. If my App sends e-mails then they can't catch those either. Or if an App is connecting to a legitimate server, but passing additional information from your device that it shouldn't be. There are so many different ways to steal your data, and tracking which domains your device connects to is, IMO, not nearly reliable enough.

 

I'm also suspect of their ridiculously low number of 3,500 out of 380 million. Not that I think the number should be in the millions, but 3,500 seems ridiculously low.

post #34 of 53
Quote:
Originally Posted by hill60 View Post
 

 

Did you see how malware companies are buying up Chrome extension makers?

 

They do this because they can "update" the chrome extensions to include whatever they want and push them out to Android devices with no user awareness, at all.

 

Wait, does chrome on android even support extensions?

post #35 of 53
Quote:
Originally Posted by d4NjvRzf View Post
 

Wait, does chrome on android even support extensions?

Not as far as I know. I have the beta on mine and I don't see any extensions option.

post #36 of 53
Quote:
Originally Posted by d4NjvRzf View Post
 

Wait, does chrome on android even support extensions?

 

No, it doesn't.

post #37 of 53
Quote:
Originally Posted by hill60 View Post

Did you see how malware companies are buying up Chrome extension makers?

They do this because they can "update" the chrome extensions to include whatever they want and push them out to Android devices with no user awareness, at all.

Fun times, enjoy your malware laden piece of junk.

That's the computer version.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #38 of 53
Quote:
Originally Posted by lkrupp View Post

I personally don’t like this sort of thing from Apple. Talking trash about your competitor means you’re worried about them. Phil, shut your pie hole and let us the faithful take care of the hatchet jobs.


 


Pretty sure Phil didn't make amy comments.
post #39 of 53
Quote:
Android has over 80% of the global market, and encounters about 71 percent of the attacks.
Apple has 12% of the global market and encounters 14% of the attacks

Just out of curiosity - where do these numbers come from? Last I had seen (sometime 2013) was Apple at a global 20something% market share, with Android-powered devices having about double of that....
post #40 of 53
Quote:
Originally Posted by florianvk View Post


Just out of curiosity - where do these numbers come from? Last I had seen (sometime 2013) was Apple at a global 20something% market share, with Android-powered devices having about double of that....

 

Google, Bing, or whatever search engine you prefer will gladly lead you to those figures.  It's been widely reported that Android has over 80% of the global market.

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
  • Apple's Phil Schiller plugs security report showing 99% of mobile malware targets Android
AppleInsider › Forums › Mobile › iPhone › Apple's Phil Schiller plugs security report showing 99% of mobile malware targets Android