Internal US Government memo warns authorities about Android malware threats

Public Intelligence has published a joint release from the US Department of Homeland Security and Department of Justice cautioning government workers about the severity of malware threats on the Android platform. According to the government’s findings, 79% of mobile operating malware threats in 2012 took place on Android, compared to 0.3% on Windows Mobile.

The unclassified roll call release put forth Android as the “primary target for malware attacks,” citing its dominant market share and open source architecture. The document went on to remind federal, state and local authorities to update and patch their mobile devices.

A chart included with the memo depicted Nokia’s decaying Symbian platform as the second highest target of mobile threats at 19 percent. Windows Mobile received 0.3 percent of threats.

Three classes of Android security threats were identified in the release: SMS trojans, rootkits and fake Google Play domains. In order to avoid and prevent those types of malware, the release advised authorities to make use of an Android security suite, install a Carrier IQ test app and adhere to IT department protocol for updating the OS.

Carrier IQ, you might recall, was a form of surveillance software installed by some handset makers and carriers that was found to have secretly tracked keystrokes and location.

While security firms have already made much of the Android mobile malware issue, it’s certainly telling to see the government’s own concern about the operating system. Android’s rise to prominence in the mobile market certainly has made it an obvious candidate for targets from cybercriminals. The open nature of the OS has also allowed hackers to craft malware that embeds itself much deeper in the system.

Interestingly, the government’s 79 percent figure for Android threats is lower than third-party estimates from companies like Juniper Networks, which recently asserted that Google’s OS is responsible for 92 percent of all mobile malware.

The DoJ and Homeland Security release isn’t anything to panic about, but it’s a good reminder to keep our devices up to date and always exercise caution when installing applications. Health providers need to be extremely cautious because they can be held responsible for any HIPAA violation that may occur due to malware.