Blog
Rahul Thadani

Android fragmentation leads to security hazards

August 14, 2012
1 Comment
Estimated reading time: 3 minutes

A new version of Android always brings with it tremendous amount of fanfare and adulation. Some versions gain more popularity than others and penetrate deeper markets. However, ‘fragmentation’ is a major hindrance that Android faces and the latest upgrades seldom reach all markets simultaneously. This creates several security loopholes that can be exploited.

A patched OS brings several upgrades that enhance the layers of security and combat the latest threats. With Android malware on a steady rise, an upgraded version simply provides the best security. Older versions are more susceptible to malware and other threats as many people feel their devices are invulnerable. Applications that are infected with malware find it easier to enter phones that are not running the latest upgrades. Similar to desktops, smartphones should also be updated with the latest patches for better security.

Common reasons for delayed updates

A lot of Android users across the world are not even close to the latest upgrades and some of them will never even get to use them at all. Here are the reasons for that:

  • Timely updates are seldom released by OEMs (Original Equipment Manufacturers). The reason is that if the latest updates were instantly available, sales of new handsets will dwindle.
  • Since OEMs add their own skins and UI to Android, it takes longer to create development kits. This delays the process.
  • Google does not enforce uniformity across all manufacturers. If Google enforced hardware policies and forced manufacturers to adhere to them, several security risks could be avoided.
  • Latest Android versions do not work smoothly on low cost devices with less powerful specs.
  • Some users are not aware of the latest versions and simply do not know how to upgrade.

Android user statistics

These numbers are taken from Google Play (Android Market) and do not necessarily include all registered users and also do not include users who bought Quick Heal Mobile Security from other sources.

QH user stats

  • A majority of users (58.94%) are on Android 2.3.3 – 2.3.7 (Gingerbread). This is not the latest version but it is the most widespread of the recently released versions. Android 2.3 is run by 0.19% so Gingerbread users have mostly updated the latest patches.
  • 20.92% users are on Android 2.2 (Froyo) and 8.18% are on Android 2.1 (Eclair). These are the users who are most at risk since these are older versions of Android.
  • 7.05% users on Android 4.0 – 4.0.4 (Ice Cream Sandwich) are relatively safe since ICS has effective security features.
  • Android 4.1 (Jelly Bean) is used by 0.12%. This is the latest version and is only available on very selected devices as of now.

This table lists the top 10 Android malware families that Quick Heal detected in 2011. Older versions of the OS are more gullible to these threats than the latest ones.

Android malware

Description

Android.Lotoor.A Gains root privilege
Android.Lightdd.A Steals and sends information from the device
Android.FakePlayer.A Sends messages to premium-rate numbers
Android.Basebridge.A Calls and messages premium-rate numbers
Android.Lotoor.B Attacks the root level and sends data
Android.DroidKungFu.A Botnet that steals and sends information
Android.Bgserv.A Transfers sensitive data in a concealed way
Android.Erahsooc.A Sends information to a remote server
Android.Geimini.A Sends location and gains root control
Android.GoldDream.B Records call logs, messages and shares them

We advise all users to regularly update their Android version. This is more applicable to users who store sensitive data on their smartphone or carry out financial transactions. Admittedly, this is not possible for all users. Hardware limitations are a hindrance so one must study the requirements of a new OS version carefully before installation. The latest updates enhance security but can cause a dip in performance if the hardware requirements are not met.

Have something to add to this story? Share it in the comments.

Rahul Thadani
About Rahul Thadani
Rahul is a web enthusiast and blogger, and has been writing about the computer security industry for the last three years. Following the latest technology trends,...
Articles by Rahul Thadani »

1 Comment

Your email address will not be published.

CAPTCHA Image

  1. Thanks a lot Rahul for such a detailed and precise information.
    Surely its a need,to always keep updated with latest security patches and upgraded to.

    Reply