We Need More Than Jelly Bean

Google is set to launch Android 5.0, aka Jelly Bean, this fall. But do we even need it? While Google has taken some steps toward securing its Play-branded marketplace, and offered a few security updates to the operating system, it is a fact that the most targeted Android platform is still 2.x. Why is that? There are several reasons, not the least of which is a lack of security patches provided to previously deployed operating system versions.

Android 2.2 was the first version to be targeted by malware. In his post from August 10th, Denis Maslennikov from Kaspersky wrote about how the first Trojan was discovered.

Since then, we’ve seen astronomical growth in Android malware, to the degree that it has outpaced all other types of mobile malware and Android has become the most targeted mobile platform. One of the reasons Android is so heavily targeted is that around 20% of users of the operating system are still using version 2.2. Most users (about 64%) are now on version 2.3, “Honeycomb”. That said, there are numerous root exploits available that target both of these platforms, not to mention the large amount of malware that employs them. There are not numerous security patches available. In fact, the only option for users of devices that have not been offered updates is to buy a new device altogether.

Imagine if the only way to get operating system updates from Microsoft was to buy a new computer.

At the beginning of February, Google premiered “Bouncer” to review and protect users from malware in the official Android market, now known as “Play”. It is very difficult to rate Bouncer’s effectiveness as Google does not publish the detection rates. Even so, some malware has still snuck by and has been made available by developers within the Play store.

My point here is that even official channels of distribution are not 100% safe. If Google wants to protect their user base, they need to provide security patches to the roughly 80% of their customers that have been left behind. The prevalence of One-Click Root apps proves this fact. They just wouldn’t be popular if no one could use them. The life-cycle of a root exploit for Android at this point is years.

We will get a new Android version this fall, but we still need security patches for the 80% of users that do not receive them. Expecting all those users who have paid their hard-earned money to simply buy another device as a security practice is unacceptable.



