THE UNITED STATES Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) must have caught up on their IT industry news reading this summer, because they have just warned about security threats to devices that use the Android mobile operating system.
A joint DHS-FBI bulletin read, "Android is the world’s most widely used mobile operating system (OS) and continues to be a primary target for malware attacks due to its market share and open source architecture. Industry reporting indicates 44 percent of Android users are still using versions 2.3.3 through 2.3.7 - known as Gingerbread - which were released in 2011 and have a number of security vulnerabilities that were fixed in later versions. The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date."
The bulletin proceeded to identify SMS Trojans, rootkits and fake Google Play domains as security threats and offered various mitigation strategies.
For example, to fight against SMS Trojans it advised, "Install an Android security suite designed to combat these threats. These security suites can be purchased or downloaded free from the Internet."
To protect against fake domains, "Install only approved applications and follow IT department procedures to update devices’ OS. Users should install and regularly update antivirus software for Android devices to detect and remove any malicious applications."
The IT industry and tech-savvy users have known about these types of security concerns - stemming from Android fragmentation, most mobile phone manufacturers' sloth and indifference, and user inertia and ignorance - for a while now. But apparently the DHS and FBI just noticed this summer. µ