Malicious software attacks

As smartphone adoption increases, these devices become more appealing to attackers who try to infect them with malicious software (malware).[95][96] Smartphone security literature suggests that smartphone malware can be written even by average developers.[97] Smartphone malware is more easily distributed through application stores that have minimal or no security mechanisms, such as app kill switch (aka remote app removal), review process for their content, etc.[98][99] Often malware is hidden in pirated versions of legitimate apps, which are then distributed through 3rd party app stores.[100][101] Malware risk also comes from what's known as an "update attack," where a legitimate application is later changed to include a malware component, which users then install when they are notified that the app has been updated. Additionally, the ability to acquire software directly from links on the web results in a distribution vector called "malvertizing," where users are directed to click on links, such as on ads that look legitimate, which then open in the device's web browser and cause malware to be downloaded and installed automatically.[102] Typical smartphone malware leverages platform vulnerabilities that allow it to gain root access on the device in the background. Using this access the malware installs additional software to target communications, location, or other personal identifying information. A common form of malware on mobile phones is the SMS trojan, which sends premium SMS messages, possibly while unknowingly running in the background of a legitimate application. These premium SMS messages run up charges on the owner's phone bill which cannot be recovered. In August 2010, Kaspersky Lab reported detection of the first malicious program for smartphones running on Google's Android operating system, named Trojan-SMS.AndroidOS.FakePlayer.a, an SMS trojan which had already infected a number of devices using that OS [103] Over the spring of 2011 Android malware increased 76%, according to McAfee.[95][104] A report from Juniper Global Threat Center notes that malware on the Android platform increased 400% from 2009 to the summer of 2010, and then saw a 472% increase between July and November 2011.[98] The Juniper report indicates that 55% of Android malware acts as spyware, and 44% are SMS trojans. While there have been and continue to be potential security flaws in iOS,[105] as of at least August 2011 there were no known malware or spyware apps in Apple's App Store, according to security firm Lookout. There are however commercial spyware applications available, outside the App Store, for jailbroken iOS devices.[102] In June 2011 Symantec's 23-page report "A Window Into Mobile Device Security" characterized (non-jailbroken) devices running iOS as having "full protection" against malware attacks.[106] Symbian and older versions Windows Mobile have had to contend with a degree of malware in the past, but as legacy systems it is believed that the people who previously targeted them have shifted their focus to Android.[98] There were also a few Palm OS viruses. The only mobile platform other than Apple's iOS without reports of malware so far is HP's (formerly Palm's) webOS, but this may be explained by its relatively low adoption rate.[104] The best way to reduce a device's vulnerability to malware attacks is to install the most recent versions of operating systems which include security patches. This can be complicated by long delays[107] in software updates for many devices which have had their software modified with custom "skins," services, or promotional on-deck apps by their manufacturer or mobile carrier.[102] In some cases a device may no longer be receiving updates from its manufacturer or carrier, leaving it vulnerable to exploits that have been patched in an OS version that's more recent than the device's last supported one.