igor - Fotolia

Android users not securing devices, survey shows

Nearly half of Android users polled are not using a security app on their smartphone, with same proportion saying they did not know they needed a security app

Android users are not securing their mobile devices despite a relatively high level of awareness and concern about potential attacks, a survey has revealed.

Two-thirds of Android users polled by Chinese antivirus and perform application firm 360 Mobile Security said they were aware of security weaknesses in Android, and more than 90% said mobile security was “very important”.

Top security concerns included untrustworthy apps (27%), online payments (20%) and hackers (13%). Other security concerns were single sign-on, Wi-Fi connections and personal data leakage.

Despite these findings, nearly half of respondents said they were not using a security app on their smartphone, with the same proportion saying they did not know they needed a security app.

More than 80% also said they would be unwilling to spend $5 or more on a security app, while 44% said security apps should be free of charge.

"The survey shows that while consumers are aware of threats to the Android platform, most are not using the tools and apps needed to protect themselves,” said 360 Mobile Security chief operating officer Yan Huang.

“Given that mobile devices are increasingly used to harvest data, it is a concerning fact that one in two people surveyed did not know they needed a security app to keep their personal data safe,” he said.

360 Mobile Security makes its antivirus app available for free download through Google Play, generating revenue through advertising and services, including remote technical support.

The app provides detection and protection against viruses, adware, malware, Trojans and specific threats such as Samsung keyboard vulnerability, as well as optimising device performance through freeing memory and prolonging battery life.

According to the Internet Trends 2015 report by Mary Meeker, partner of Kleiner Perkins Caufield & Byers, adware grew by 136% to 410,000 apps between 2013 and first three quarters of 2014, giving attackers access to personal information such as contacts, which can subsequently be used to launch phishing attacks.

In January 2015, Google issued the first Android Security Report in attempt to boost the mobile operating system’s security reputation.

Read more about Android security

The report claimed less than 1% of Android devices were infected with malware in 2014, and those who only use the Google Play Store for apps are at much lower risk.

The report highlights improvements Google has made to ensure greater security on Android, but admits there are devices that have not been patched for all known vulnerabilities, indicating that slow software updates by manufacturers continues to be a problem.

Tod Beardsley, a security researcher at security firm Rapid7, told SearchSecurity that in addition to the slow update cycle, the lack of a clearly stated end-of-life (EOL) policy is a problem because it leaves older versions of Android vulnerable as many devices do not get updated.

"The most obvious example of the lack of an EOL was the WebView brouhaha of December 2014," Beardsley said. "More recently, Google has now 'frozen' Chrome on Android 4.0.4, even though it is still possible to be on a 4.0.4 phone, bought less than two years ago, with no avenue for upgrade depending on your economic circumstances."

Google also used the report to highlight the new Android security features and capabilities in Android 5.0 Lollipop. These updates include improved full-disk encryption (FDE) and stronger SELinux enforcement.

Read more on Endpoint security