An IT Wire story published on the 8th of September is suggesting that Android may be becoming the target of choice for malware authors over Windows.
There are a lot of ways that you can parse the meaning of the data cited in the IT Wire story, with some reasonable and some unreasonable conclusions being drawn by commentators on social media.
It’s long been hypothesized that the reason that malware infections on Windows were more prevalent than on other platforms was due to the greater market share of the Windows OS. I suspect that this theory is being borne out. The rise in market share of Android has been accompanied by a rise in the amount of malware targeting the platform. As more and more people use Android devices, malware authors are going to spend more time coming up with ingenious ways of exploiting the platform.
Microsoft had to go back to the drawing board after the release of Windows XP to start to stem the flood of malware. It took rebuilding Windows from the ground up, which impacted many existing applications, to develop a newer, more hardened, version of Windows. It’s likely that Android will similarly need to be rebuilt form the ground up (with all the fun that brings to existing application compatibility (just look at Vista) to similarly stem what appears to be an increasing tide of nefarious software targeting the platform. Part of the reason that malware is becoming more prevalent is the rise in use of the platform, part of it is due to vulnerabilities inherent in the platform. All platforms have inherent vulnerabilities, more so if they aren’t built from the ground up with security in mind.
In terms of managing things from the Enterprise perspective. Organizations came up with strategies to deal with malware on computers. However, for many organizations, Endpoint Protection considerations don’t include anything beyond client computers. This is going to need to change as mobile devices, including those running the Android OS, are increasingly going to be used to access sensitive internal organizational resources. A future Endpoint Protection strategy needs to pay as much attention to mobile malware as it does traditional desktop malware.
They need to do this because people are increasingly using mobile devices to perform critical job functions. And organizations need to find some way to allow a class of device that’s increasingly susceptible to malware infection to access to sensitive resources in a way that doesn’t compromise those resources.
In the past few years we’ve seen a swing away from security towards convenience when it comes to providing resource access to mobile devices. If the rate of malware growth on mobile platforms increases, it’s likely that we’ll see a swing back towards restricting access so that it is only granted to trusted devices.
Until we get anti-malware on mobile right, that’s going to be quite a mountain to climb.
