Is Your Older Smartphone OS A Malware Target?
By: Jim Stickley and Tina Davis
October 23, 2019
It’s a good question, and unfortunately for Android users, the answer to whether or not your older Android phone is a malware target is quite simply, “Yes.” It’s all about potentially harmful applications, or PHA. It’s the term Google created for Android malware. Google’s own recently-released research found that Android smartphones running on older OS like KitKat (4.x), Lollipop (5.x), or Marshmallow (6.x) are more likely to download a PHA that goes undetected.
The older OS allows more persistent PHAs that also resist removal to gain a stronghold. The research finds that older OS devices are 0.5% likely to have one or more PHAs. Newer Android OS versions like Nougat, Oreo and Pie are more resilient to PHA attacks, making it less likely they will infect a smartphone. Google finds only .25% of newer OS phones are vulnerable to PHAs, half as much as the older OS. The one thing Google relies on for their research is that users download apps directly from Google Play and not sideload apps from unknown sources.
Although Google has difficulty keeping PHAs from infiltrating its Play Store, it still claims there are tangible results and improvements due to a dedication to increasing security for Androids. Of course, all bets are off when users download PHAs from sources other than the Google Play Store. Android users with an older OS who sideload apps from sites other than Google are playing with fire. In fact, Google research finds “Android devices that only download apps from Google Play are 9 times less likely to get a PHA than devices that download apps from other sources.” That number alone should convince users not to sideload apps, no matter what Android OS they are using.
Google admits that in 2017 alone, over 700,000 apps were removed from Play Store because they violated policies about content, and others because they contained malware and engaged in phishing activities. That number of deleted apps was up 70% from 2016, which questions whether Google is getting better at finding PHAs, or the sheer number of PHAs has dramatically increased over time. Regardless of the answer in 2017, in 2018 Google claims they are getting much better at detecting PHAs. Users with older Android OS now have no excuse not to download apps from the Play Store. Even for those with more recent OS, the answer is the same: Don’t sideload and download apps only from the Google Play Store. It’s the best bet to keep your apps legitimate and your smartphone safe.
Also remember that even if you don’t have an Android, it’s always a safer move to get your apps exclusively from the official app stores and never to sideload. Malware, phishing, and other cyber threats do not exclusively affect Android.