In the era of the personal computer, Apple Inc. (AAPL)’s machines were often less vulnerable to security threats than the alternatives. That may also be the case with the rise of smartphones.
Google Inc. (GOOG)’s Android operating system for mobile devices has had an almost sixfold increase in threats such as spyware and viruses since July, according to Juniper Networks Inc. (JNPR) That may increase the perception that Apple devices are safer than smartphones and tablets that run on Android, said Juniper.
“You’re not going to see nearly the number of infections on Apple as you see on Android,” said Dan Hoffman, who leads a team tracking mobile threats for Sunnyvale, California-based Juniper, the second-largest maker of networking equipment.
Most of the growth in Android threats comes from applications, or apps, available from sites not associated with Google’s Android Market, according to data Juniper collected as of Nov. 10. Apple doesn’t face the same issue because iPhone and iPad owners can only get applications from Apple’s App Store, which is controlled by the company.
“The open nature of the Android system makes it more susceptible to attack,” Hoffman said in an interview. “If it’s on a third-party site, Google can’t remove it.”
Making malware is easier with Android software because the applications aren’t checked, the source code is open and the apps can be sold on external sites, Hoffman said. Android is free and available for download by anyone, while Apple screens each application added to its store. With Android growing faster than Apple’s system, it appeals to hackers seeking greater reach, he said. Of the thousands of infected Android apps, 55 percent contain spyware, which can gather data from phone use.
Increasing Market Share
Google, based in Mountain View, California, and Apple, based in Cupertino, are vying for control of a smartphone market as computing evolves from desktop machines to mobile devices. While Apple has championed a closed system in which it makes its own hardware and doesn’t share its operating system, Google has opted for an open approach, allowing companies such as Samsung Electronics Co. and Motorola Mobility Holdings Inc. to use Android in phones and tablets for free.
The wide availability of apps has helped the Silicon Valley rivals outpace traditional handset makers such as Nokia Oyj (NOK1V) and Research In Motion Ltd. (RIMM) The mobile handset market gained 5.6 percent in the third quarter to 440.5 million phones globally, Gartner Inc. said. The Android system accounted for more than half of smartphone sales, more than doubling its share from a year earlier, while Apple’s share slipped to 15 percent from 16.6 percent.
Virus in Disguise
Hoffman said the 472 percent jump in application viruses since July stems from Android users’ ability to buy apps online at third-party sites like mmoovv.com and samsunggalaxy-s.ru that can contain malicious applications alongside legitimate ones.
Android users may be drawn to the sites to find cheaper versions of programs, or because the Android Market isn’t available in some places, such as China. On a third-party site, it’s possible to find an infected “Angry Birds” game uploaded right next to a legitimate one, said Danielle Hamel, a Juniper spokeswoman.
Spyware threats are increasingly coming from pirated versions of popular apps, Hoffman said. While the apps are designed to look and work like something legitimate already on the market, they contain viruses that can grab users’ private data or communicate with other parts of the phone.
Randall Sarafa, a Google spokesman, said the company had no comment. Trudy Muller, an Apple spokeswoman, didn’t respond to a phone call.
“We take appropriate action when we encounter counterfeit products, both digital and physical,” said Sini Matikainen, a spokeswoman for Rovio Entertainment Oy, the Helsinki-based maker of “Angry Birds.”
Citing competition from other security vendors, Juniper declined to disclose the exact number of data samples used to determine the increase in Android threats. In order for Juniper to count an application as infected, it must have an instance of “hostile” or “intrusive” code.
Juniper doesn’t have numbers for malware on Apple’s operating system because cases are rare, Hoffman said. Security researcher and hacker Charlie Miller said this month on Twitter that he was kicked out of Apple’s development community for one year after loading an app that exposed vulnerability.
Evolving App Market
The relative youth of the mobile-application market allows programmers to exploit weaknesses in an open-source model and once developers for Android discover all potential threats, it might become more secure than a closed operating system over time, said Edward Amoroso, chief security officer for AT&T Inc. (T), the second-largest U.S. wireless carrier.
“An open model tends to allow a flurry of vulnerabilities, very quickly, that tend to stop being a problem as more people find them,” Amoroso said in an interview. “A closed system will have longer, more sustained, but more predictable and controllable set of vulnerabilities.”
He said open-source operating systems for personal computers were more vulnerable than Microsoft Windows for years, until eventually the programming community was able to make them safer.
The smartphone security threats may provide a business opportunity for companies selling protection. IDC, an information technology research firm, expects the mobile security software market to expand 15.1 percent annually.
Consumers concerned with threats can load software onto their phones for protection. Hundreds of security applications are available at the Android Market, including Lookout Security & Antivirus which says it has more than 12 million users.
International Business Machines Corp. (IBM) and Symantec Corp. are among those investing in solutions for the corporate market. IBM last week started selling a service that ensures personal devices comply with corporate security policies and detects malware.
“Applications can do anything,” Latha Maripuri, a director of security services at IBM, said in an interview. “They can access your bank account through the data that you may have stored on your e-mail. They can access whatever company data you’ve uploaded. We’ve really seen a rise in threats and we expect this to grow.”
To contact the reporters on this story: Sarah Frier in New York at firstname.lastname@example.org
To contact the editor responsible for this story: Peter Elstrom at email@example.com