Smartphones with old Android versions remain a security risk
The number of malicious apps for Android devices decreased significantly in the first half of the year. Around 700,000 new apps with malicious code - 47.9 percent fewer than in the first half of 2021 - were counted by experts* from G DATA CyberDefense in the first half of 2022. Smartphones with outdated Android versions that no longer receive security updates continue to be a problem.
The conflict in Ukraine has led to a significant decrease in the number of malicious apps for Android devices.While there were still more than 1.3 million Android apps containing dangerous malware in the first six months of 2021, the number of malicious apps fell to around 700,000 between January and June 2022 - a decrease of 47.9 percent.The reason is thatcyber criminals have been increasingly targeting other digital targets since February. This means that the rate of cyber attacks has also decreased significantly. On average, criminals have been publishing a dangerous app every 23 seconds. In 2021, there were only 12 seconds between malicious Android app releases. However, it is too early to talk of a let-up. Cyber security experts recorded a significant increase in infected apps again in June 2022. At the same time, the number of averted attack attempts has decreased less than in the previous months. The decline is only 27.2 percent compared to the same period in the previous year.
“Smartphones with outdated Android versions are and remain a major security risk,” says Stefan Decker, security researcher in the Mobile Team at G DATA CyberDefense. “If security updates are no longer being provided for these devices, they are also vulnerable to old malware. Basically, all smartphones with Android 10 or lower version numbers should be considered as insecure. Users should therefore regularly check which operating version is installed. If updates are no longer available, they should consider buying a new device.”
No security without updates
The past few months have shown how important Android updates are, especially for fixing critical security gaps in the operating system. If these updates are absent because the Android version is out of date or manufacturers are no longer providing security updates, the security of the device is at risk. The following statistic from Statcounter illustrates how big the problem is: in June 2022, Android 12, the current version, was installed on 28 per cent of all Android devices, and Android 11 on another 29 per cent. Android 10 is still installed on one in five devices. This means that 20 percent of smartphones and tablets are running older Android versions that do not meet the current security standards introduced by Google in Android 11 and Android 12. Hence attackers can use old malware that still works to exploit vulnerabilities in these devices that are no longer protected by security updates.
“Many smartphone owners are being lulled into a false sense of security,” says Stefan Decker. “They hold onto their old, insecure device because the battery still lasts a long time. But this is misunderstood durability and comes at the expense of personal security. Despite Google's efforts to enable updates to be available for longer, politicians and device manufacturers have so far failed to create framework conditions that reconcile security and sustainability.”
In the long term, attacks on smartphones will start to rise again as they increasingly become the central, all-in-one digital device. They are used in two-factor authentication or enable digital payments and will replace keys or ID cards in the near future. These functions make them a worthwhile target for criminals.