At the Google I/O developer conference in 2016, the company proudly announced Android users downloaded 65 billion apps from the Google Play store in the prior year. Within the same timeframe – shudder – 600 new Android smartphone models hit the market. 82 percent of Android devices were susceptible to at least one of 25 vulnerabilities in the Android operating system.
Such massive numbers concern us when considering our own research and what it tells us about trends in mobile security. So we produced an infographic highlighting 10 statistics from our 2016 NowSecure Mobile Security Report.
For example, we found a high-risk security flaw in 25 percent of the sample of mobile apps we tested for the report. We define a high-risk flaw as one that exposes private or sensitive data about a user or their activity. We also identified a pattern in our dataset of more popular apps (judged by the number of downloads) being more likely to include a security flaw.
In taking a look at mobile devices, another dismaying statistic about Android emerged – 50.5 percent of the devices in our sample ran a version of Android that was two-or-more-years old (and one-or-more major versions out of date). Similarly, 82 percent of devices that ran the VTS for Android app, which identifies vulnerabilities in the Android device on which it’s installed, and shared results were susceptible to at least one of 25 vulnerabilities in the Android operating system.
We’ve discussed on the NowSecure blog that we can’t count on Apple or Google to solve the mobile security problem on their own as a feature of their mobile platforms. Learning that 600 more Android device models have hit the market, each potentially running yet another variant that may not receive updates, doesn’t make us feel any better about the fragmentation situation.
Also to illustrate the potential significance of vulnerable apps, let’s walk through a thought experiment. If 25 percent of the 2 million apps on Google Play include a security flaw – some distribution of which users have downloaded 65 billion times – a proportion of those downloads could have introduced a considerable number of vulnerabilities at the device level. Ten vulnerable apps installed on a single device create 10 vulnerabilities tied to that device. A single vulnerable app installed on one million devices creates one million points of vulnerability across the user base.
As you discuss the many announcements made by Google last week, add some security context to the conversation with our “10 Surprising Stats Exposing Mobile Data Dangers” infographic. For even more detail about the state of mobile security, join us for our webinar “It’s not about you: Mobile security in 2016” on Thursday, May 26 or take a look at the full 2016 NowSecure Mobile Security Report.