Nov 21 AT 2:33 PM Taylor Wimberly 23 Comments

The most vulnerable mobile devices of 2011, Is your Android phone part of the “dirty dozen?”

orphand-android-phones

Is your Android device vulnerable to a security risk? Bit9 has released their annual report for the most vulnerable mobile devices and the news is not good for many Android owners. As many of us already know, there are a ton of Android devices out there that no longer receive software updates, which means “security vulnerabilities are not being maintained, bugs are not being patched, and loopholes in your system are being left open.”

As Bit9 points out, most consumers do not take security into account when purchasing a smartphone and many of them may not even know that the software on their Android device is out-of-date (sometimes right out of the box).

The “Dirty Dozen” list includes:

  1. Samsung Galaxy Mini
  2. HTC Desire
  3. Sony Ericsson Xperia X10
  4. Sanyo Zio
  5. HTC Wildfire
  6. Samsung Epic 4G
  7. LG Optimus S
  8. Samsung Galaxy S
  9. Motorola Droid X
  10. LG Optimus One
  11. Motorola Droid 2
  12. HTC Evo 4G

Part of me thinks all these mobile malware scare reports are a bunch of bunk, but I do agree that Android software updates are still a problem for all of the US carriers. Google announced a special Android update alliance back in May to address this problem, but we have yet to hear any updates on the program since then (how ironic, right?).

Harry Sverdlove, CTO of Bit9, says that it’s our responsibility to encourage the carriers and manufactures to take this issue more seriously. He explains, “As consumers, one of the best ways we can make our voices known is with our pocket book. We need to put pressure on the manufacturers to either demand a different model where the updates can be centrally managed, or they can be more predictable, or demand that each manufacturer take security more seriously.”

In all my years with Android, I’ve never experienced any mobile malware or viruses. Maybe I’m just lucky or maybe it’s because I don’t download pirated apps and porn from Chinese app stores.

Do you think Android has a major security problem? If so, where should we place the blame?

Source: Bit9

Taylor is the founder of Android and Me. He resides in Dallas and carries the Samsung Galaxy S 4 and HTC One as his daily devices. Ask him a question on Twitter or Google+ and he is likely to respond. | Ethics statement

    Most Tweeted This Week

  • http://www.droidgamers.com Andrew Huff

    I’m really not surprised by some of the phones on that list to be honest. In fact pretty much the top 5 don’t surprise me at all

  • Mark

    Ever since that useless report came out this week, all the MSM tech sites have been echoing the same article. It’s almost disgusting. Is it any shock that the report comes from a security company? This is nothing more than baseless fear mongering to drum up sales for their various mobile security software. I’ve been with Android since the G1 came out and I’ve NEVER, EVER gotten a virus or malware. These companies are trying to create fear and scare where there is little to none to capitalize on it. Really disgusting.

    • http://ArtisticAbode.com Arron with two R’s

      Clerk – “You’re loitering and causing a disturbance.”
      Man – “I’m a disturbance? You’re a disturbance pal! You know, here!”
      *Man buys pack of gum*
      “Now I am a customer. I’m gonna buy some Chewley’s gum. All right. I’m a customer…engaged in a discussion with the other customers.”
      ***********
      “Who’s leading this mob?”
      *Guy points at man*, “He is”
      Let me see some credentials…slowly”
      *man hands her business card*
      “You’re a Chewley’s Gum representative?
      *man nods*
      And you’re stirring up all this antismoking sentiment to what? Sell more gum?
      *man nods*

      • Aseem

        “Salsa shark. We’re gonna need a bigger boat.”

  • Toonshorty

    The whole virus nonsense was probably started off by a bunch of iFanboys that were grasping on straws to find a reason why their pathetic OS is still better ;)

    I’ve got an HTC Desire but I don’t really care about security since I root the thing so often and flash ROMs so often it barely matters anyway.

    • pjamies

      Booyah !!

      Does a ‘HTC Desire HD’ count ?? lol

  • http://thomashunsaker.com Thomas Hunsaker

    I imagine most of the malware comes from super shady apps, which is a result of an unrestricted market. Do people not report things as spam/malware once they know? I still blame carriers for “ruining” Android with crap devices and copouts about updates.

  • charliethesuperturtle

    You shouldn’t be.downloading porno anyway rofl
    Look for.your closest treatment center

  • pitacrisps

    This is a hock of bologna.
    I don’t know anyone who has every gotten a virus on their phone.
    It’s no different than a computer- don’t download porn or download from suspicious sources and you’ll be fine.

  • http://snurl.com/jimjar Jim Mortleman

    It’s true that today you’re unlikely to contract mobile malware *at the moment* unless you’re downloading dodgy apps, but it’s also true that criminals go where the money is, and as we increasingly store more valuable personal information on our smartphones, and use them to conduct transactions, then they’ll be targeted more and more by those with nefarious intent. Plenty of proof-of-concept stuff out there that suggests we could be in for some nasty infections in future.

    I’m equally sceptical about the need for resource-hogging malware scanners unless and until there’s a real malware threat, but I’d certainly say it’s wise NOW to encrypt the data on your phone and protect it with a (regularly changed and not-easy-to-guess password) – both features available on ICS out of the box.

    The main threat today is from having your phone physically stolen (or losing it) while it’s unprotected. But be aware of the common scams to plant malware on any of your devices (enticements to click on spam links, taking advantage of bugs in browsers and other software you’ve not updated, etc). There are also various ‘remote wipe’ tools, but they’re not much good if the first thing the thief does is ensure he disconnects from all networks before grabbing your data.

    Not just Android in danger, of course. Applies to iOS and other smartphones too.

  • OOMatter

    I’d love to hear about actual real life cases. The biggest security issues on most smartphones are facebook and pandora.

  • Dr.Carpy

    I wholeheartedly agree. Imagine a security company ranting about security breaches! I also firmly believe caution is key. I’ve had PC’s that I have built, and never encountered a virus. I’ve never bought anti virus software. I like how they try to make Apple seem bulletproof. Biased stories like this don’t deserve any consideration.

  • Nathan

    I have one of the oldest phone out there and it not at the top? That surprised me a bit but everything else not so much. Also the whole malware thing I don’t really believe in that much but it better to be safe then sorry.

  • themanwithsauce

    How is it that in 2 years of rooting and modifying my OG droid’s OS, trying out almost every single app type out there, and generally doing whatever the hell I want with it, I never ONCE got a malware app.

    And yet it pains me that this will sell malware app subscriptions. Apparently the same “fragmentation” that ruins our updates somehow makes it real easy for malware apps to ruin our data? So you’re telling me that the leading developers in the mobile world can’t make apps that run on multiple versions of android but script kiddies in the basements of china and hong kong can……yeah right.

    And while on the subject of fragmentation, I wish to borrow the following quote and submit it to most news sites – You keep using that word. I do not think it means what you think it means.

    • http://droidsamurai.blogspot.com DroidSamurai

      The fact that you know how to modify your phone pretty much explains why you never got a malware. No offense, but most people who got computer virus are the technical challenge kind. You know, the kind who won’t notice that http://www.amazo.n.com is not http://www.amazon.com. So, don’t assume that people aren’t dumb enough to get their phone infected — there are more stupid people than smart people in this world.

  • http://htcsource.com Nick Gray

    I love the 400% increase number. So if there were 10 malicious apps on the Android Market in 2010 then there are 40 in 2011? I’m so scared.

    One thing that the video does not highlight is that just because your phone is running on an outdated version of Android does not really mean it’s more vulnerable. Hackers are going to program their attacks to hit the biggest number of users possible. This is why most virus attacks are against Windows devices and not Macs. Since Android 2.3 has the biggest chunk of the pie, hackers are going to focus their efforts in attacking those devices.

  • Matt

    thats why android is OPEN SOURCE ,even without manufacturer support my friend’s MILESTONE 1 running android 2.3.7 smoothly, on the other hand my SGS II still stuck on 2,3.4 :P

  • techvudu

    These reports really dont bother me. If you are concerned then get yourself some cpu cycle thrashing AV programs. It’s open source, and not Apple, so of course Android will be targeted. Still have yet to see or here anyone outside of the interwebs actually get a virus of sorts. At least maybe this will cause carrier’s to actually release updates, we can only hope.

  • http://None Javier Bastardo

    Never had any issues of malware on my Spica, which I still use. The media is really having fun with all the “Android has viruses!” thing, I think is just a sequel of all the success Android is having on top of the other mobile OS. There are many ways to stay away of malware and I blame the users if they got any bad bug on their system, complain about and blame it on the OS instead of their own actions.

  • http://k-selezneva.blogspot.com/ KatSelezneva

    Fortunately, I have no experience with mobile malware or viruses on my Android phone. Maybe that’s because I have a Chinese Huawei smartphone. However, I’m very satisfied with it, and I’ve even tried to compare it with an iPhone. A year on an Android-based smartphone vs. an hour with an iPhone http://k-selezneva.blogspot.com/2011/09/year-on-android-based-smartphone-vs.html

  • sylar

    Why do I get the feeling that this is mostly bull? It all depends on you and how you use your phone.

  • Ben Rodriguez

    Wow. I’m surprised my phone is not on here…

  • klcow92

    clean and clear :P not one of them

  1. I’m really not surprised by some of the phones on that list to be honest. In fact pretty much the top 5 don’t surprise me at all

  2. MarkGuest 4 years ago

    Ever since that useless report came out this week, all the MSM tech sites have been echoing the same article. It’s almost disgusting. Is it any shock that the report comes from a security company? This is nothing more than baseless fear mongering to drum up sales for their various mobile security software. I’ve been with Android since the G1 came out and I’ve NEVER, EVER gotten a virus or malware. These companies are trying to create fear and scare where there is little to none to capitalize on it. Really disgusting.

    • Clerk – “You’re loitering and causing a disturbance.”
      Man – “I’m a disturbance? You’re a disturbance pal! You know, here!”
      *Man buys pack of gum*
      “Now I am a customer. I’m gonna buy some Chewley’s gum. All right. I’m a customer…engaged in a discussion with the other customers.”
      ***********
      “Who’s leading this mob?”
      *Guy points at man*, “He is”
      Let me see some credentials…slowly”
      *man hands her business card*
      “You’re a Chewley’s Gum representative?
      *man nods*
      And you’re stirring up all this antismoking sentiment to what? Sell more gum?
      *man nods*

      • AseemGuest 4 years ago

        “Salsa shark. We’re gonna need a bigger boat.”

  3. The whole virus nonsense was probably started off by a bunch of iFanboys that were grasping on straws to find a reason why their pathetic OS is still better ;)

    I’ve got an HTC Desire but I don’t really care about security since I root the thing so often and flash ROMs so often it barely matters anyway.

  4. I imagine most of the malware comes from super shady apps, which is a result of an unrestricted market. Do people not report things as spam/malware once they know? I still blame carriers for “ruining” Android with crap devices and copouts about updates.

  5. You shouldn’t be.downloading porno anyway rofl
    Look for.your closest treatment center

  6. pitacrispsGuest 4 years ago

    This is a hock of bologna.
    I don’t know anyone who has every gotten a virus on their phone.
    It’s no different than a computer- don’t download porn or download from suspicious sources and you’ll be fine.

  7. Jim MortlemanGuest 4 years ago

    It’s true that today you’re unlikely to contract mobile malware *at the moment* unless you’re downloading dodgy apps, but it’s also true that criminals go where the money is, and as we increasingly store more valuable personal information on our smartphones, and use them to conduct transactions, then they’ll be targeted more and more by those with nefarious intent. Plenty of proof-of-concept stuff out there that suggests we could be in for some nasty infections in future.

    I’m equally sceptical about the need for resource-hogging malware scanners unless and until there’s a real malware threat, but I’d certainly say it’s wise NOW to encrypt the data on your phone and protect it with a (regularly changed and not-easy-to-guess password) – both features available on ICS out of the box.

    The main threat today is from having your phone physically stolen (or losing it) while it’s unprotected. But be aware of the common scams to plant malware on any of your devices (enticements to click on spam links, taking advantage of bugs in browsers and other software you’ve not updated, etc). There are also various ‘remote wipe’ tools, but they’re not much good if the first thing the thief does is ensure he disconnects from all networks before grabbing your data.

    Not just Android in danger, of course. Applies to iOS and other smartphones too.

  8. I’d love to hear about actual real life cases. The biggest security issues on most smartphones are facebook and pandora.

  9. I wholeheartedly agree. Imagine a security company ranting about security breaches! I also firmly believe caution is key. I’ve had PC’s that I have built, and never encountered a virus. I’ve never bought anti virus software. I like how they try to make Apple seem bulletproof. Biased stories like this don’t deserve any consideration.

  10. I have one of the oldest phone out there and it not at the top? That surprised me a bit but everything else not so much. Also the whole malware thing I don’t really believe in that much but it better to be safe then sorry.

  11. How is it that in 2 years of rooting and modifying my OG droid’s OS, trying out almost every single app type out there, and generally doing whatever the hell I want with it, I never ONCE got a malware app.

    And yet it pains me that this will sell malware app subscriptions. Apparently the same “fragmentation” that ruins our updates somehow makes it real easy for malware apps to ruin our data? So you’re telling me that the leading developers in the mobile world can’t make apps that run on multiple versions of android but script kiddies in the basements of china and hong kong can……yeah right.

    And while on the subject of fragmentation, I wish to borrow the following quote and submit it to most news sites – You keep using that word. I do not think it means what you think it means.

    • The fact that you know how to modify your phone pretty much explains why you never got a malware. No offense, but most people who got computer virus are the technical challenge kind. You know, the kind who won’t notice that http://www.amazo.n.com is not http://www.amazon.com. So, don’t assume that people aren’t dumb enough to get their phone infected — there are more stupid people than smart people in this world.

  12. I love the 400% increase number. So if there were 10 malicious apps on the Android Market in 2010 then there are 40 in 2011? I’m so scared.

    One thing that the video does not highlight is that just because your phone is running on an outdated version of Android does not really mean it’s more vulnerable. Hackers are going to program their attacks to hit the biggest number of users possible. This is why most virus attacks are against Windows devices and not Macs. Since Android 2.3 has the biggest chunk of the pie, hackers are going to focus their efforts in attacking those devices.

  13. MattGuest 4 years ago

    thats why android is OPEN SOURCE ,even without manufacturer support my friend’s MILESTONE 1 running android 2.3.7 smoothly, on the other hand my SGS II still stuck on 2,3.4 :P

  14. These reports really dont bother me. If you are concerned then get yourself some cpu cycle thrashing AV programs. It’s open source, and not Apple, so of course Android will be targeted. Still have yet to see or here anyone outside of the interwebs actually get a virus of sorts. At least maybe this will cause carrier’s to actually release updates, we can only hope.

  15. Never had any issues of malware on my Spica, which I still use. The media is really having fun with all the “Android has viruses!” thing, I think is just a sequel of all the success Android is having on top of the other mobile OS. There are many ways to stay away of malware and I blame the users if they got any bad bug on their system, complain about and blame it on the OS instead of their own actions.

  16. Fortunately, I have no experience with mobile malware or viruses on my Android phone. Maybe that’s because I have a Chinese Huawei smartphone. However, I’m very satisfied with it, and I’ve even tried to compare it with an iPhone. A year on an Android-based smartphone vs. an hour with an iPhone http://k-selezneva.blogspot.com/2011/09/year-on-android-based-smartphone-vs.html

  17. Why do I get the feeling that this is mostly bull? It all depends on you and how you use your phone.

  18. Wow. I’m surprised my phone is not on here…

  19. clean and clear :P not one of them