Our mobile threat data series continues with Symantec

Symantec is the latest security vendor to provide us with some interesting mobile security data.

We return to our review of the mobile threat landscape with a look at fresh Symantec mobile security data.

What did they provide?

Symantec sent me data from 2018, drawn from an internal analysis of their Skycure/Symantec Endpoint Protection mobile customers. These customers are primarily corporations, though some of the data comes from consumer use of their app. Some of their clients prefer more locked-down and managed environments, especially those in regulated industries, but they also have customers that allow BYOD. Symantec can secure managed and unmanaged devices. Most of the Symantec mobile security data I received is Android focused and limited in scope, but they did provide one data point for iOS devices.

Unsurprisingly, enterprise devices are better protected from malware than consumer devices. Symantec mobile security data shows that only 7.07% of Android devices in an organization had at least one malware incident in 2018. (Symantec defines an “incident” as a case where an app designed to cause harm is downloaded or installed on a monitored device; this can also include apps that were already installed on a newly enrolled device.) Compare that number to the much higher 22.35% for what Symantec calls “unattached devices,” which are devices not associated with any organization but instead belong to consumers who downloaded the Symantec app from Google Play or the App Store.

But overall, malware is present in less than 1% of Android apps that are installed on Symantec-monitored devices. That figure does not count apps that are merely considered risky or unwanted, such as an app that does not properly protect user data but is otherwise legitimate. (Checking to see how security vendors define “malware” is always good.)

Of the Android apps Symantec analyzed in 2018, only 0.56% got a medium or high risk score, with 0.54% of apps receiving a low risk score. When Symantec’s proprietary risk scoring rates an app as high or medium, the device can be a risk to the organization and should be remediated. Apps with a low risk score are not seen as potentially dangerous, and the user’s device won’t get flagged or remediated, though more regulated or conservative organizations may opt to do so anyway.

Sideloaded apps
For Symantec customers, 2.04% of iOS devices in organizations had at least one sideloaded iOS app. This does seem surprisingly low compared to the data Lookout and Wandera previously shared, especially given how easy it is to install them.

Android updates
About 35% of Android devices that can upgrade to the latest OS update (even a minor one) had not done so. Symantec did note that “this number varies greatly depending on when the data was taken relative to when new versions are released.” This makes sense, especially since Android releases aren’t always distributed evenly throughout the year. Also, keep in mind that on Android, many devices get monthly security patches that are separate from OS updates.

Last call for mobile security data!

We’re preparing to finish our review of publicly available and provided data soon. So, if you have data that differs from the Symantec mobile security data above or validates what they and the other vendors (Lookout and Wandera) have already shared, please contact us!
