We Need More Than Jelly Bean

Google is set to launch Android 5.0, aka Jelly Bean, this fall. But do we even need it? While Google has taken some steps toward securing its Play branded marketplace, and offered a few security updates to the operating system, it is a fact that the most targeted Android platform is still 2.x. Why is that? There are several reasons, not the least of which is a lack of security patches provided to previously deployed operating system versions.

Android 2.2 was the first version to be targeted by malware. In his post from August 10th, Denis Maslennikov from Kaspersky wrote about how the first Trojan was discovered.

Since then, we’ve seen an astronomical growth in Android malware, to the degree that it has outpaced all other types of mobile malware and Android has become the most targeted mobile platform. One of the reasons Android is so heavily targeted is that around 20% of users of the operating system are still using version 2.2. Most users (about 64%) are now on version 2.3, “Honeycomb”. That said, there are numerous root exploits available that target both of these platforms, not to mention the large amount of malware that employs them. The same cannot be said of security patches: there are not many available. In fact, the only option for users of devices that have not been offered updates is to buy a new device altogether.

Imagine if the only way to get operating system updates from Microsoft was to buy a new computer.

At the beginning of February, Google premiered “Bouncer” to review the official Android market, now known as “Play”, and protect its users from malware. It is very difficult to rate Bouncer’s effectiveness, as Google does not publish its detection rates. Even so, some malware has still snuck by and has been made available by developers within the Play store.

My point here is that even official channels of distribution are not 100% safe. If Google wants to protect its user base, it needs to provide security patches to the roughly 80% of its customers that have been left behind. The prevalence of One-Click Root apps proves this. They just wouldn’t be popular if no one could use them. The life-cycle of a root exploit for Android at this point is years.

We will get a new Android version this fall, but we still need security patches for the 80% of users that do not receive them. Expecting all those users who have paid their hard-earned money to simply buy another device as a security practice is unacceptable.
