In the era of the personal computer, Apple Inc.’s machines were often less vulnerable to security threats than the alternatives. That may also be the case with the rise of smartphones.
Google Inc.’s Android operating system for mobile devices has had an almost sixfold increase in threats such as spyware and viruses since July, according to Juniper Networks Inc. That may increase the perception that Apple devices are safer than smartphones and tablets that run on Android, said Juniper.
“You’re not going to see nearly the number of infections on Apple as you see on Android,” said Dan Hoffman, who leads a team tracking mobile threats for Sunnyvale, California-based Juniper, the second-largest maker of networking equipment.
Most of the growth in Android threats comes from applications, or apps, available from third-party sites not associated with Google’s Android Market, according to data Juniper collected as of Nov. 10. Apple doesn’t face the same issue because iPhone and iPad owners can only get applications from Apple’s App Store, which is controlled by the company.
“The open nature of the Android system makes it more susceptible to attack,” Hoffman said in an interview. “If it’s on a third-party site, Google can’t remove it.”
Making malware is easier with Android software because the applications aren’t checked, the source code is open and the apps can be sold on external sites, Hoffman said. Android is free and available for download by anyone, while Apple screens each application added to its store. With Android growing faster than Apple’s system, it appeals to hackers seeking greater reach, he said. Of the thousands of infected Android apps, 55 percent contain spyware, which can gather data from phone use.
Increasing Market Share
Google, based in Mountain View, California, and Apple, based in Cupertino, are vying for control of a smartphone market as computing evolves from desktop machines to mobile devices. While Apple has championed a closed system in which it makes its own hardware and doesn’t share its operating system, Google has opted for an open approach, allowing companies such as Samsung Electronics Co. and Motorola Mobility Holdings Inc. to use Android in phones and tablets for free.
The wide availability of apps has helped the Silicon Valley rivals outpace traditional handset makers such as Nokia Oyj and Research In Motion Ltd. Android devices had 45 percent of the U.S. smartphone market in the quarter ended in September, up from 40 percent three months earlier, according to research firm ComScore Inc. Apple kept its 27 percent share.
Hoffman said the 472 percent jump in application viruses since July stems from Android users’ ability to buy apps online at third-party sites like mmoovv.com and samsunggalaxy-s.ru that can contain malicious applications alongside legitimate ones.
Virus in Disguise
Android users may be drawn to the sites to find cheaper versions of programs, or because the Android Market isn’t available in some places, such as China. On a third-party site, it’s possible to find an infected “Angry Birds” game uploaded right next to a legitimate one, said Danielle Hamel, a Juniper spokeswoman.
Spyware threats are increasingly coming from pirated versions of popular apps, Hoffman said. While the apps are designed to look and work like something legitimate already on the market, they contain viruses that can grab users’ private data or communicate with other parts of the phone.
Randall Sarafa, a Google spokesman, said the company had no comment. Trudy Muller, an Apple spokeswoman, didn’t respond to a phone call.
Citing competition from other security vendors, Juniper declined to disclose the exact number of data samples used to determine the increase in Android threats. In order for Juniper to count an application as infected, it must have an instance of “hostile” or “intrusive” code.
Evolving App Market
Juniper doesn’t have numbers for malware on Apple’s operation system because cases are rare, Hoffman said. Security researcher and hacker Charlie Miller said this month on Twitter that he was kicked out of Apple’s development community for one year after loading an app that exposed vulnerability.
The relative youth of the mobile-application market allows programmers to exploit weaknesses in an open-source model and once developers for Android discover all potential threats, it might become more secure than Apple’s operating system over time, said Edward Amoroso, chief security officer for AT&T Inc., the second-largest U.S. wireless carrier.
“An open model tends to allow a flurry of vulnerabilities, very quickly, that tend to stop being a problem as more people find them,” Amoroso said in an interview. “A closed system will have longer, more sustained, but more predictable and controllable set of vulnerabilities.”
He said open-source operating systems for personal computers were more vulnerable than Microsoft Windows for years, until eventually the programming community was able to make them safer.
The smartphone security threats may provide a business opportunity for companies selling protection. IDC, an information technology research firm, expects the mobile security software market to expand 15.1 percent annually.
International Business Machines Corp. and Symantec Corp. are among the companies investing in the market. IBM last week started selling a service that ensures personal devices comply with corporate security policies and detects malware.
“People are routinely sending enterprise data to their personal phones,” Latha Maripuri, a director of security services at IBM, said in an interview. “Our clients are struggling with the mix of business data and personal data on a device.”