As the G DATA Mobile Security Report shows: The Ukraine conflict is causing a decline in malicious Android apps. Still up to date: Smartphones with old Android versions remain a security risk for companies too.
The number of malicious applications for Android devices fell significantly in the first half of the year: The experts at G DATA CyberDefense counted around 700.000 new apps with malicious code and thus 47,9 percent fewer in the first half of 2022 - compared to the first half of 2021. Smartphones with outdated Android versions that no longer receive security updates are still a problem.
Significant decrease in apps with malicious code
The Ukraine conflict is causing a significant drop in malicious apps for Android devices. While there were still more than 2021 million Android apps with dangerous malicious code in the first six months of 1,3, the number of malicious apps fell to around 2022 between January and June 700.000 - a drop of 47,9 percent. The reason: Cyber criminals have been targeting other digital targets since February.
As a result, the speed of cyber attacks has also slowed down significantly: criminals publish a dangerous app every 23 seconds on average. In 2021, there were only 12 seconds between two malicious Android applications. However, it is too early to talk about relaxation. In June 2022, the cybersecurity experts again recorded a significant increase in infected apps. At the same time, the number of repelled attack attempts fell less than in previous months. The decrease compared to the same period is only 27,2 percent.
Increasing risk from Android 10 or lower
"Smartphones with outdated Android versions are and will remain a major security risk," says Stefan Decker, security researcher in the mobile team at G DATA CyberDefense. “If these devices no longer receive security updates, then they are also vulnerable to old malware. Basically, all smartphones with Android 10 or lower version numbers are classified as unsafe. Users should therefore regularly check which operating version is installed. If an update is no longer possible, they should consider buying a new device.”
No security without updates
The past few months have shown how important Android updates are, particularly to fix critical security vulnerabilities in the operating system. If these updates are missing because the Android version is outdated or the manufacturer does not deliver any additional security updates, the security of the device is at risk. The following statistics from Statcounter illustrate how big the problem is: In June 2022, the current Android 12 version was installed on 28 percent of all Android devices, and Android 29 on another 11 percent.
Android 10 is still installed on every fifth device. But that also means: 20 percent of smartphones and tablets run with older Android versions and therefore do not meet the current security standards introduced by Google with Android 11 and Android 12. To do this, the attackers use old malware that still works and exploits vulnerabilities in these devices that are no longer protected by security updates.
False security on old devices
"Many smartphone owners have a false sense of security," says Stefan Decker. “They keep their old insecure device because the battery still lasts a long time. But that is misunderstood sustainability and comes at the expense of personal security. Despite Google's efforts to allow updates for longer, politicians and device manufacturers have so far failed to create framework conditions that reconcile security and sustainability."
In the long term, attacks on smartphones will increase again, as the devices are increasingly developing into the central all-in-one device of the digital world. They are used for two-factor authentication or enable digital payments and will replace keys or ID cards in the near future. These features make them a lucrative target for criminals.
More at GData.de
About G Data With comprehensive cyber defense services, the inventor of the anti-virus enables companies to defend themselves against cybercrime. Over 500 employees ensure the digital security of companies and users. Made in Germany: With over 30 years of expertise in malware analysis, G DATA conducts research and software development exclusively in Germany. The highest standards of data protection are paramount. In 2011, G DATA issued a “no backdoor” guarantee with the “IT Security Made in Germany” seal of trust from TeleTrust eV. G DATA offers a portfolio from anti-virus and endpoint protection to penetration tests and incident response to forensic analyzes, security status checks and cyber awareness training to defend companies effectively. New technologies such as DeepRay use artificial intelligence to protect against malware. Service and support are part of the G DATA campus in Bochum. G DATA solutions are available in 90 countries and have received numerous awards.