November 21, 2011, 3:11 PM — Mobile security risk realities:
- Android is the No. 1 target for malware writers;
- Radio-based digital data links such as those on smartphones are inherently insecure;
- No data is secure when you carry it around in a pocket and often can't remember where you put the phone that holds it.
All those risks of mobile computing apply to all smartphones equally, but none has anything to do with the single fault to blame for making the "Dirty Dozen" smartphones "dirty," according to a study published by Bit9 identifies 12 smartphones as the most insecure on the market.
"The Most Vulnerable Smartphones of 2011" come from a range of manufacturers – Samsung, HTC, Motorola, LG and Sony, for example. All have one thing in common: failure by the manufacturer to update the smartphone's software in a timely and reliable way.
For example, the number of pieces of malware aimed at Android increased more than 472 percent between July and Nov. according to Juniper Networks – an annual rate of 1,320 percent.
That's partly because Android is so popular; much of the reason that malware can be successful is because 56 percent of Android devices on the market are running out of date, insecure software, Bit9 reported.
Android runs on 52 percent of smartphones covered in Bit9's report, 30 percent run iOS and 20 percent run other operating systems.
None of the 12 most insecure smartphones run iOS – because of Apple's higher level of control over the OS, Bit9's report showed.
Apple is able to limit risk first by controlling the market for iOS applications and filtering it for unauthorized code.
Second, and possibly more important, Apple controls the manufacture of the devices and schedule by which the operating system is updated. That single point of contact is a huge advantage in some ways, according to Harry Svedlove, Bit9's chief technology officer, as quoted in Network World.
"The challenge we had in the Android ecosystem is it's unbelievably fragmented," Svedlove said. "From a security perspective, this eco-system is broken."