Overview of Mobile Malware in iOS and Android Devices

Reham Snow A. Camama
School of Computing and Information Technologies, Asia Pacific College, Makati, Philippines

Anna Lynn C. Alcaraz
School of Computing and Information Technologies, Asia Pacific College, Makati, Philippines
Abstract – Mobile subscriptions have reached up to 7.5 billion worldwide. With the growing number of mobile users, malware targeting mobile devices has increased in both number and sophistication. Mobile devices can be protected in a number of ways. One way to protect mobile devices is to keep mobile operating systems (OS) updated. In this, iOS devices are better than Android devices because Apple pushes OS updates better than Google and its various original equipment manufacturers (OEMs). Amongst Android OEMs, LG is recommended because it has been among the faster OEMs to push updates for both Android 5.0 Lollipop and Android 6.0 Marshmallow. Another way to protect mobile devices is to install anti-malware apps. This is only applicable to Android devices. Anti-malware apps are available for both OSes; however, iOS doesn’t support anti-malware because of sandboxing. Amongst the various anti-malware apps available, Sophos Mobile Security is recommended for protection, usability, and other functionalities.

Index Terms – mobile malware, operating system (OS), original equipment manufacturer (OEM), third-party app markets, rooting, jailbreaking, app sandbox, antivirus

I. INTRODUCTION

According to the Ericsson Mobility Report, the total number of mobile subscriptions has reached up to 7.5 billion (7,500,000,000) subscriptions in the 3rd quarter of 2016. Smartphone subscriptions have reached 3.9 billion (3,900,000,000) subscriptions, accounting for 55% of the total number of mobile subscriptions. [1]
Major mobile device operating systems are Google’s Android and Apple’s iOS. [2] According to data from the International Data Corporation (IDC) Worldwide Quarterly Mobile Phone Tracker, Android dominated the smartphone market with an 86.8% share in the 3rd quarter of 2016, while iOS came second with a 12.7% share. [3]

With the growing number of mobile users, mobile is becoming a much more valuable target for cybercriminals. Google and Apple are taking preventative measures against malware in Android and iOS devices, respectively; however, malware is still having an impact on these devices. [4]

According to the Nokia Threat Intelligence Report, smartphones have officially overtaken Windows-based computers and laptops in terms of malware activity. Android devices were the most targeted mobile platform, accounting for 74% of all malware infections, compared to Windows/PC systems accounting for 22%, and other platforms, including iOS devices, accounting for the remaining 4%. [5]

Android is the most targeted mobile platform. Having dominated the smartphone market, Android became the more profitable target of malware infections compared to iOS. Because Android is open-source, its code is readily available and accessible to malicious app developers.
Table 1 Top 20 smartphone malware

Table 1 shows the top 20 malware in smartphones. Eighteen out of 20 of these smartphone malware target Android devices. [5] The top three smartphone malware are Uapush.A, Kasandra.B, and SMSTracker.

Uapush.A is an Android adware Trojan with a moderate threat level. It sends Short Message Service (SMS) messages and steals personal information from the compromised device. [5] This threat is considered adware. It also displays unwanted ads and notifications that can be considered privacy-invasive. [6] Figure 1 shows the detection statistics for Uapush.A on mobile devices, based on data from AVG, from the 14th of February to the 21st. [6]

Kasandra.B is a high threat level Android remote access Trojan. It is packaged to look like Kaspersky’s Mobile Security App, but is actually a Trojan that gives the attacker unrestricted access to sensitive details such as SMS messages, contact lists, call logs, browser history (including banking credentials), and GPS location data stored in Android devices. It stores all the data in an “adaptive multirate file on the SD card” to later upload it to a remote command-and-control (C&C) server. It is also known as SandroRAT. [5]
SMSTracker is an Android Spyphone app that provides a complete remote phone tracking and monitoring system for Android phones. It allows the attacker to remotely track and monitor all SMS, Multimedia Messaging Service (MMS), text messages, voice calls, GPS locations and browser history. It is also known as Android.Monitor.Gizmo.A. [5]

Most of the vulnerabilities go to Android when it comes to malware; however, iOS is not exempt from malware. Last year, the first iOS Trojan horse was discovered exploiting Apple. It was called “AceDeceiver”.
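The data the three Android families above are described as taking (SMS, contacts, call logs, browser history, location) sits behind permissions an app has to declare in its manifest, which gives defenders something to triage on. The following is an added example, not part of the original paper: it assumes a manifest already decoded to text XML, and the category map, threshold and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"

# Data categories the text attributes to Kasandra.B and SMSTracker, mapped to
# the Android permissions that gate access to them.
SENSITIVE = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.RECEIVE_MMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "call_log": {"android.permission.READ_CALL_LOG"},
    "browser_history": {"com.android.browser.permission.READ_HISTORY_BOOKMARKS"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
}
# Channels that can carry collected data off the device (network upload, SMS).
EXFIL = {"android.permission.INTERNET", "android.permission.SEND_SMS"}
REVIEW_THRESHOLD = 3  # assumption: number of categories that triggers review


def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(NAME_ATTR)
            if name:
                perms.add(name.strip())
    return perms


def triage(manifest_xml):
    """Flag apps that can read several private data stores and send data out."""
    perms = requested_permissions(manifest_xml)
    categories = sorted(c for c, names in SENSITIVE.items() if perms & names)
    channels = sorted(p.rsplit(".", 1)[-1] for p in perms & EXFIL)
    flagged = bool(channels) and len(categories) >= REVIEW_THRESHOLD
    return {"categories": categories, "channels": channels,
            "verdict": "review" if flagged else "pass"}


# Constructed sample manifests (not taken from any real app).
SPYWARE_LIKE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.mobilesecurity">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

FLASHLIGHT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml_text in (("spyware-like", SPYWARE_LIKE), ("flashlight", FLASHLIGHT)):
        print(label, triage(xml_text))
```

Treat a "review" verdict as a prompt for manual inspection, since legitimate backup or parental-control apps request similar sets; when the manifest comes from an untrusted APK, parse it with a hardened XML parser such as defusedxml.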
Figure 1 Timeline Detection of android/uapush

Figure 2 Normal Procedure of Installing an iOS App and FairPlay Man-in-the-Middle
Figure 2 shows the normal procedure for installing an app on iOS devices, and how AceDeceiver attacks. Apps can be bought through the App Store, and can also be bought or installed through a user’s PC with iTunes. AceDeceiver, or the FairPlay man-in-the-middle, attacks through the App Store using an infected PC. For the first time, FairPlay, Apple’s DRM (Digital Rights Management), was attacked. The attacker purchases an application from the App Store and then intercepts and saves the authentication code. A piece of software then simulates the client’s behavior and tricks iOS users into believing that the app was purchased by the victim. [7]

A piece of software called ‘Aisi Helper’ acts as a helper for re-installation, jailbreaking, system backup, device management and system cleaning. With the iPhone or iPad connected to the PC, the attacker then installs malicious applications without the user’s awareness. [7] This threat, however, only affects Windows PCs and not Mac computers, and only affects users in China. [7]
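The flaw described above comes down to an authorization code that stays valid when replayed to a different device. The toy model below is an added example, not part of the original paper and not Apple's FairPlay protocol: it contrasts a code tied only to the purchase with one bound to a registered device and a fresh nonce. All class, account and device names are hypothetical, and an HMAC stands in for a store signature.

```python
import hashlib
import hmac
import json
import secrets

STORE_KEY = secrets.token_bytes(32)  # stand-in for the store's signing key


def _tag(*fields):
    """MAC over an unambiguous encoding of the fields (stand-in for a signature)."""
    return hmac.new(STORE_KEY, json.dumps(fields).encode(), hashlib.sha256).digest()


class Store:
    def __init__(self, purchases, devices):
        self.purchases = purchases  # set of (account, app_id)
        self.devices = devices      # device_id -> registered account

    def authorize_weak(self, account, app_id):
        # Weak: the code depends only on the purchase, so it never changes.
        return _tag(account, app_id) if (account, app_id) in self.purchases else None

    def authorize_bound(self, account, app_id, device_id, nonce):
        # Hardened: the device must belong to the buyer, and the code is
        # bound to that device and to the fresh nonce it supplied.
        owned = (account, app_id) in self.purchases
        if not owned or self.devices.get(device_id) != account:
            return None
        return _tag(account, app_id, device_id, nonce)


class Device:
    def __init__(self, device_id):
        self.device_id, self.pending = device_id, None

    def accept_weak(self, account, app_id, code):
        return code is not None and hmac.compare_digest(code, _tag(account, app_id))

    def new_nonce(self):
        self.pending = secrets.token_hex(16)
        return self.pending

    def accept_bound(self, account, app_id, code):
        nonce, self.pending = self.pending, None  # each nonce is single use
        if nonce is None or code is None:
            return False
        return hmac.compare_digest(code, _tag(account, app_id, self.device_id, nonce))


def run_demo():
    store = Store({("buyer", "app.example")}, {"buyer-device": "buyer", "victim-device": "victim"})
    owner, victim = Device("buyer-device"), Device("victim-device")
    acct, app = "buyer", "app.example"
    # Weak design: a code saved from one purchase is accepted by any device.
    weak = victim.accept_weak(acct, app, store.authorize_weak(acct, app))
    # Hardened: the code works on the device it was issued for, and only there.
    code = store.authorize_bound(acct, app, "buyer-device", owner.new_nonce())
    owner_ok = owner.accept_bound(acct, app, code)
    victim.new_nonce()
    replay = victim.accept_bound(acct, app, code)
    # Hardened: a request carrying another account's device is refused.
    relayed = store.authorize_bound(acct, app, "victim-device", victim.new_nonce())
    relay = victim.accept_bound(acct, app, relayed)
    return {"weak_replay": weak, "bound_owner": owner_ok,
            "bound_replay": replay, "bound_relay": relay}
```

`run_demo()` returns the acceptance result of each case: the saved code is accepted under the weak design and rejected under the bound one.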
II. PROBLEM STATEMENT

A large amount of mobile malware is affecting mobile devices. Users need to be able to protect their devices from it.
III. RESULTS AND DISCUSSION

There are many ways to protect mobile devices from malware. One way is to keep device operating systems up-to-date. [4] Android and iOS are updated on a pretty regular basis, but not every OS delivers those updates to users in a timely fashion. There are big releases with new features and occasional redesigns every few months, and smaller releases to deal with bug fixes a little more frequently than that. [8]
Table 2 Operating System updates for Android

Code name | Versions | Release date | Status
KitKat | 4.4 - 4.4.4 | October 31, 2013 | Unsupported
Lollipop | 5.0 - 5.1.1 | November 12, 2014 | Unsupported
Marshmallow | 6.0 - 6.0.1 | August 5, 2015 | Supported
Nougat | 7.0 - 7.1.1 | August 22, 2015 | Supported
Table 2 shows the OS updates of Android. It is evident that updates are only done once a year; the latest update, Nougat, was opened to the market in August of last year. [9]
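Table 3 Operating System updates for iOS

Version | Available for | Release date
iOS 10.0.3 | iPhone 7 and iPhone 7 Plus | October 17, 2016
iOS 10.1 | iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later | October 24, 2016
iOS 10.1.1 | iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later | October 31, 2016
iOS 10.2 | iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later | December 12, 2016
iOS 10.2.1 | iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later | January 23, 2017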
As for iOS, Table 3 shows that all of the recent iOS updates support generally all the devices that Apple carries and that are available in the market. It is also evident that updates are more frequent than on Android.

In the Android ecosystem, updates can be blocked in a number of ways: by Google (which updates the operating system); by the handset manufacturer (which may decide to release updates only for the latest models); or by the mobile provider (which may not increase bandwidth on their network to support updates). Without the ability to update, Android devices are vulnerable to potential exploits. [4]

Apple maintains greater control over the software, so it’s easier for them to roll out updates, and compatible devices tend to upgrade to the latest version in a timely fashion. Apple’s iOS is the only mobile OS that offers consistent and timely software updates and security patches. [8] Apple always leaves behind a couple of older devices each year when new software comes out, so it’s not entirely free of fragmentation, but it does better than Google. Usually, the devices that are left behind are 4-5 years old as opposed to 2 years old, which is when Nexus phone updates are cut off. [8]

For a Nexus Android device, or one of the new Pixel phones from Google, the latest updates are available quickly. Samsung, Sony, and LG have finally begun providing some updates, but updates can be made unavailable at their mercy and the mercy of wireless carriers, which also demand the right to test and release all new software updates for Android. Apple is exempt. [8]

When Google released Android 5.0 Lollipop on November 3, 2014, Asus was first to release updates among the Android OEMs, followed by Motorola; however, both Asus and Motorola stopped the updates because they encountered bugs. After seven months, Samsung, LG, Sony, and HTC successfully released updates to compatible devices. Motorola, ZTE, and Amazon managed to successfully release updates after 1 year and 6 months. [10]

When Google released Android 6.0 Marshmallow on October 5, 2015, Motorola was first to release updates after three months, followed by LG and HTC; however, both Motorola and LG released the update to their latest devices, while updates to other compatible devices followed later. HTC simultaneously released updates on all compatible devices. Samsung, Sony, and ZTE released updates a little after 5 months, with Samsung and Sony releasing updates on all compatible devices while ZTE released updates to only a small handful of devices. [11]

For the release of both Lollipop and Marshmallow, LG has been among the faster OEMs to release updates on compatible devices.

At last count, 18.7 percent of Android devices are running Android 6.0 Marshmallow (with Android 7.0 Nougat just launching) compared to 67 percent of iOS devices running iOS 10. When the OS is not updated, users not only miss out on features, but also on important security patches. [8]

Another way to protect mobile devices from malware is to avoid third-party app markets. Rooting (for Android devices) or jailbreaking (for iOS devices) is the process of removing the security limitations imposed by the operating system vendor. To root or to jailbreak means to gain full access to the operating system and features. This also means breaking the security model and allowing all apps, including malicious ones, to access the data owned by other applications. Apple is opposed to third-party app stores and expects users to stick to its app store. [8]

iOS provides layers of protection to ensure that apps are signed and verified, and are sandboxed to protect user data. These elements provide a stable, secure platform for apps, enabling thousands of developers to deliver hundreds of thousands of apps on iOS without impacting system integrity. And users can access these apps on their iOS devices without undue fear of viruses, malware, or unauthorized attacks. [12]

Developers must register with Apple and join the Apple Developer program. As a result, all apps in the App Store have been submitted by an identifiable person or organization, serving as a deterrent to the creation of malicious apps. [12] To ensure that all apps come from a known and approved source and have not been tampered with, iOS requires that all executable code be signed using an Apple-issued certificate. [12]

All third-party apps are sandboxed, so they are restricted from accessing files stored by other apps, or from making changes to the device. Should a third-party app need to access information other than its own, it needs explicit permission. System files and resources are also shielded from the user’s apps. Figure 3 shows access without sandbox and with sandbox. [12] [13]

Figure 3 iOS App Sandbox
Another way to protect mobile devices from malware is to install anti-malware on them. Although malware exists for iOS, iOS doesn’t support anti-malware because of sandboxing. However, the risk of infection is highest for Android, where security software is already available; therefore, Android devices should be protected by anti-malware software. [4]

For mobile antivirus apps, there are quite a few to choose from. According to AV-Test.org, Bitdefender Mobile Security, Kaspersky Lab Internet Security, Norton Mobile Security, and Sophos Mobile Security scored full marks for protection, usability, and other functionalities, as shown in Tables 4 to 7. [14] [15] [16] [17]
Table 4 Protection and Usability score of Bitdefender Mobile Security and Kaspersky Lab Internet Security from AV-TEST

Protection | January 2017 | Industry average
Detection of the latest Android malware in real time | 99.9% | 99.0%
Detection of the latest Android malware discovered in the last 4 weeks | 100% | 99.0%
Protection Score: 6.0/6.0

Usability
Performance: The app does not impact the battery life
Performance: The app does not slow down the device during normal usage
Performance: The app does not generate too much traffic
False warnings | January 2017 | Industry average
False warnings during installation and usage of legitimate apps from Google Play Store | 0 | 0
False warnings during installation and usage of legitimate software from third party app stores | 0 | 0
Usability Score: 6.0/6.0

Table 5 Protection and Usability score of Norton Mobile Security and Sophos Mobile Security from AV-TEST

Protection | January 2017 | Industry average
Detection of the latest Android malware in real time | 100% | 99.0%
Detection of the latest Android malware discovered in the last 4 weeks | 100% | 99.0%
Protection Score: 6.0/6.0

Usability
Performance: The app does not impact the battery life
Performance: The app does not slow down the device during normal usage
Performance: The app does not generate too much traffic
False warnings | January 2017 | Industry average
False warnings during installation and usage of legitimate apps from Google Play Store | 0 | 0
False warnings during installation and usage of legitimate software from third party app stores | 0 | 0
Usability Score: 6.0/6.0

Table 6 Additional security features of Bitdefender Mobile Security and Kaspersky Lab Internet Security
[Feature matrix comparing Bitdefender and Kaspersky Lab on: Anti-theft, Call blocker, Message filter, Safe browsing, Parental control, Backup, Encryption, Other features. Other features listed: Privacy protection, Text antiphishing; App lock, Privacy advisor.]
Table 7 Additional security features of Norton Mobile Security and Sophos Mobile Security
[Feature matrix comparing Norton and Sophos on: Anti-theft, Call blocker, Message filter, Safe browsing, Parental control, Backup, Encryption, Other features. Other features listed: Privacy Advisor, Security Advisor, App Protection, Authenticator; App Advisor.]
Amongst the various anti-malware apps available, Sophos Mobile Security is most recommended. It garnered a 6.0/6.0 score for protection and a 6.0/6.0 score for usability. It also has other functionalities, such as Anti-theft, Call blocker, Message filter, Safe browsing, Parental control, Privacy Advisor, Security Advisor, App Protection, and Authenticator. [17]

It is often said that Android is vulnerable to malware because it is open source. Its applications are open to the market and are available for download. The Play Store is open for upload of all applications, but that doesn’t mean that it lets your device be infected by malware. It always comes down to the user and how he/she handles the vulnerability of the mobile device. The best trick would be enabling the unknown sources notification, so that unknown applications that carry malware will most likely not affect the device.

As shown in Figure 4, Google has multiple layers of defense when it comes to malware. Malware from unknown sources wouldn’t be able to access the phone immediately at the 2nd layer, provided that the phone is enabled to notify when an app is from an unknown source. [18]

Apple’s iOS, however, has its own security measures. iOS isn’t open source, unlike Android, and Apple doesn’t allow users to install or upload applications from outside sources unless they are approved by Apple. Still, security flaws are visible within the OS.
Table 8 Mobile Threats by Device Type in 2012

According to Symantec, regarding vulnerabilities, Android has been at the top of the list with 103 different kinds of threats in mobile devices, with iOS having the least. [18]

Table 9 Mobile vulnerability by OS

With regard to operating systems, it is documented that iOS has the highest number of vulnerabilities, followed by Android. However, threats such as malware aren’t considered a threat to operating systems, because they don’t use software vulnerabilities.

Figure 4 Google’s 7 Layers of Defense
IV. CONCLUSION AND RECOMMENDATION

Between Android and iOS, iOS is still the better OS when it comes to operating system updates. With iOS, the software is regularly updated by Apple. Vital security patches are available to iOS device users as soon as Apple pushes the software live.

Though Google releases updates for Android devices, updates may be delayed by the different Android OEMs to their devices. Amongst them, LG has consistently been among the faster OEMs to release software updates to their devices. When it comes to app security, it is notable that Apple is better able to monitor apps posted on the App Store than Google on apps posted on the Play Store. Android devices should be protected by antivirus apps. For mobile antivirus apps, Sophos is recommended for its high score in protection and usability, and for its other security features.

V. REFERENCES

[1] Ericsson, "Ericsson Mobility Report November 2016," November 2016. [Online]. Available: https://www.ericsson.com/assets/local/mobility-report/documents/2016/ericssonmobility-report-november-2016.pdf. [Accessed 13 February 2017].

[2] uSwitch Mobiles, "Mobile operating systems - what are they and which is best?," 23 August 2016. [Online]. Available: https://www.uswitch.com/mobiles/guides/mobile-operating-systems/. [Accessed 13 February 2017].

[3] International Data Corporation, "IDC: Smartphone OS Market Share 2016," November 2016. [Online]. Available: http://www.idc.com/promo/smartphonemarket-share/os. [Accessed 13 February 2017].

[4] Sophos, "Mobile Malware: Secure iOS, Android and Windows Smartphones with Sophos Mobile Control," [Online]. Available: https://www.sophos.com/en-us/securitynews-trends/security-trends/malware-goesmobile.aspx. [Accessed 2017 February 2017].

[5] Nokia, "Nokia Threat Intelligence Report," August 2016. [Online]. Available: https://tools.ext.nokia.com/asset/200492. [Accessed 12 February 2017].

[6] "AVG Threat Labs," AVG, [Online]. Available: http://www.avgthreatlabs.com/us-en/virusand-malware-information/info/androiduapush/. [Accessed 22 February 2017].

[7] Palo Alto, "AceDeceiver: First Trojan Exploiting Apple DRM Design Flaws to Infect Any iOS Device," March 2016. [Online]. Available: http://researchcenter.paloaltonetworks.com/2016/03/acedeceiver-first-ios-trojanexploiting-apple-drm-design-flaws-to-infectany-ios-device. [Accessed 28 February 2017].

[8] S. Hill, "Android vs. iOS - in-Depth Comparison | Digital Trends," 29 October 2016. [Online]. Available: http://www.digitaltrends.com/mobile/bestsmartphone-os/. [Accessed 12 February 2017].

[9] Android, "The Android Story," [Online]. Available: https://www.android.com/history/#/lollipop. [Accessed 25 February 2017].

[10] Apteligent, "May Monthly Data Report: Google IO Edition," 10 June 2016. [Online]. Available: https://data.apteligent.com/downloadreport?report=apteligent-data-report-may2016.pdf. [Accessed 12 February 2017].

[11] Apteligent, "Apteligent Data Report: Android Manufacturer Edition," 15 August 2016. [Online]. Available: https://data.apteligent.com/download-report?report=apteligent-data-report-july2016.pdf. [Accessed 12 February 2017].

[12] Apple, "iOS Security Guide," May 2016. [Online]. Available: https://www.apple.com/business/docs/iOS_Security_Guide.pdf. [Accessed 28 February 2017].

[13] Apple, "About App Sandbox," 13 September 2016. [Online]. Available: https://developer.apple.com/library/content/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html. [Accessed 28 February 2017].

[14] AV-TEST, "Test Bitdefender Mobile Security 3.2 for Android (170106) | AV-TEST," 6 January 2017. [Online]. Available: https://www.avtest.org/en/antivirus/mobiledevices/android/january-2017/bitdefendermobile-security-3.2-170106/. [Accessed 23 February 2017].

[15] AV-TEST, "Test Kaspersky Lab Internet Security 11.12 for Android (170114) | AV-TEST," 14 January 2017. [Online]. Available: https://www.avtest.org/en/antivirus/mobiledevices/android/january-2017/kasperskylab-internet-security-11.12-170114/. [Accessed 23 February 2017].

[16] AV-TEST, "Test Norton Mobile Security 3.17 for Android (170119) | AV-TEST," 19 January 2017. [Online]. Available: https://www.avtest.org/en/antivirus/mobiledevices/android/january-2017/nortonnorton-mobile-security-3.17-170119/. [Accessed 23 February 2017].

[17] AV-TEST, "Test Sophos Mobile Security 6.5 for Android (170118) | AV-TEST," 18 January 2017. [Online]. Available: https://www.avtest.org/en/antivirus/mobiledevices/android/january-2017/sophosmobile-security-6.5-170118/. [Accessed 23 February 2017].

[18] Symantec, "Internet Security Threat Report 2013," 2013.