Vulnerabilities on Android and iOS: more numerous but less serious at Google

Zimperium has released its annual report on threats targeting mobile devices, be it smartphones and tablets running Android or iOS. The well-known company specializing in IT security, which has also collaborated with Google to improve Play Protect, therefore reports to us what happened during 2021, in order also to predict what the difficulties could be in the course of 2022.

join us on telegram

Android vs iOS: No one is free from threats and vulnerabilities

The attention of cybercriminals on mobile platforms has unfortunately increased compared to previous years, and this translates into a greater volume of malware, phishing attacks and more efforts to exploit zero-day vulnerabilities (i.e. those not known to developers).

Manufacturers rush to release security updates as soon as possible, but according to statistics released by Zimperium, it is only 42% of people who work in the company and who bring their mobile devices to install critical patches within two days of release. . A third of the subjects wait up to a week, while 20% do not resolve the vulnerability even after two weeks.

What is the safest mobile operating system? Android or iOS? According to the Zimperium report, in the course of 2021, the robot system seems to have been more vulnerable overall than iOS, but the latter tends to have more serious security flaws. Last year 574 vulnerabilities were discovered on Android, a significant reduction compared to 859 in 2020: almost 80% of these are easy to exploit, but only 18 were classified as “critical”.

As regards the Apple system, 357 vulnerabilities have been discovered, 24% of which are considered of low complexity. In this case, however, there are 45 critical flaws that can be used by malicious people, which could significantly compromise the targeted device.

In short, iOS is a more demanding goal to “reach”, but it could prove to be more profitable since the vulnerabilities are far more serious at the medium level (18 critical out of 574 for Android and 45 out of 357 for iOS). The zero-day vulnerabilities that targeted iOS and Apple WebKit, 11, account for 19% of all zero-day exploits for the year.

Returning to the robot, Zimperium found that as much as 80% of financial apps for Android exploit potentially vulnerable cryptographic solutions, while 82% of apps for purchasing products and services do not integrate code protection.

What we as users can do is install the latest security patches available for our smartphone and tablet, always check the apps we are installing (even if they come directly from the Google Play Store ) and the assigned permissions.

A long list of concessions for “simple” apps should be a wake-up call: if in doubt, avoid downloading the app. With Android 12, Google has introduced features that can be very useful, such as the Privacy Dashboard and the microphone and camera usage indicators. For more information on Zimperium and the 2022 Global Mobile Threat Report, you can go here.

Leave a Comment