A new warning for Android shows you that the iPhone is still impossible to beat

May has been something of a confusing month for Android users. It started well, with a slew of exciting new updates, but by the end of the month everything seemed to go backwards, with Apple’s iPhone moving even further ahead.

First came this tidal wave of security update news from Google, much of which was unveiled at the I/O event. This includes the first-ever basic cellular and IMSI capture warning, more advanced anti-theft protection and the introduction of a ‘personal space’ to protect sensitive information when a user’s phone falls into the wrong hands – whether thieves or just kids.

But the update that will likely make the biggest difference to most users is Google’s “live threat detection,” using AI to “analyze behavioral signals related to the use of sensitive permissions and interactions with other apps and services.” “If suspicious behavior is detected, Google Play Protect may submit the app to Google for further review and then alert users or disable the app if malicious behavior is confirmed.”

Google is fighting the notion that the iPhone is a more secure, safer, and more personal ecosystem; and when it comes to the premium end of the market – and large parts of the US market – it’s that iPhone halo that continues to really disappoint.

In reality, Google has been building ever-higher fences around the Play Store for years, and slowly, subtly, has begun to shift users away from the third-party stores that made Android so different from the iPhone, and toward the Play Store and its Protect shield.

Whether or not these new innovations can be the magic bullet for Android, and whether or not users can start to feel more secure, the darker side of Android made a comeback at the end of May, ensuring that the month ended on a very different note.

“Over the past few months,” warned the Zscaler team, “we have identified and analyzed more than 90 malicious apps uploaded to the Google Play Store. These malware-infected apps totaled over 5.5 million installs.”

While the team flagged various malware families as threats to Play Store users – Joker, Adware, Facestealer and Coper – Anatsa was the highlight of its report. “This sophisticated malware uses dropper applications that appear harmless to users, tricking them into unwittingly installing the malicious payload. Once installed, Anatsa exfiltrates sensitive banking credentials and financial information from global financial applications. It achieves this through the use of overlay and accessibility techniques, allowing it to intercept and collect data discreetly.”

I have already warned about Anatsa this year – the threat is not new. But the optics regarding Google and the Play Store were ill-timed given May’s focus on Android security.

The Anatsa threat remains largely consistent, although Zscaler notes its focus on the US as well as the UK/Europe, and that it is now also infecting users in Asia. Anatsa targets phones through a seemingly clean app, but one that is actually a dropper that connects to an external server and downloads malware to the device. “This strategic approach allows the malware to be uploaded to the official Google Play Store and avoid detection.” Clean apps are the typical curiosities we all seem addicted to downloading onto our devices — PDF and QR code readers, for example.

Once installed, the Anatsa malware scans for target banking applications on the infected device and then seeks to intercept login credentials and one-time SMS passwords. Its approach involves a cloaked ghost login page where users are tricked into entering their username and password.
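The behaviours described above (fetch and install a payload, overlay, accessibility abuse, SMS one-time-password interception) each leave a trace in an app's manifest. The following is an added triage example, not code from Zscaler or Google; it assumes the manifest has already been decoded to text XML, and the capability labels, function names and sample manifests are constructed for illustration. The permission mapping is a review heuristic, not an Anatsa signature.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"   # android: attribute namespace
P = "android.permission."

# Behaviour described in the article -> standard permissions that enable it (heuristic).
CAPABILITIES = {
    "fetch_payload":   {P + "INTERNET"},
    "install_payload": {P + "REQUEST_INSTALL_PACKAGES"},
    "overlay":         {P + "SYSTEM_ALERT_WINDOW"},
    "sms_otp":         {P + "RECEIVE_SMS", P + "READ_SMS"},
    "enumerate_apps":  {P + "QUERY_ALL_PACKAGES"},
}

def capabilities(manifest_xml):
    """Return the set of capability labels a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    found = {cap for cap, perms in CAPABILITIES.items() if perms & requested}
    # An accessibility service is declared on <service>, not via <uses-permission>.
    if any(s.get(A + "permission") == P + "BIND_ACCESSIBILITY_SERVICE"
           for s in root.iter("service")):
        found.add("accessibility")
    return found

def triage(manifest_xml):
    """Reasons a simple utility app (PDF/QR reader) deserves manual review."""
    caps = capabilities(manifest_xml)
    reasons = []
    if {"fetch_payload", "install_payload"} <= caps:
        reasons.append("can download and install a second-stage package")
    for cap in sorted(caps & {"accessibility", "overlay", "sms_otp"}):
        reasons.append("declares " + cap + ", unusual for a reader utility")
    return reasons

# Constructed sample manifests (not taken from any real app).
_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="'
SUSPICIOUS = _HEAD + '''example.qrreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application><service android:name=".Helper"
      android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application>
</manifest>'''
BENIGN = _HEAD + '''example.pdfviewer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>'''

if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, triage(xml))
```

A hit only means the declared capabilities exceed what a reader utility needs; legitimate apps also request some of these permissions, so the output is a prompt for manual review rather than a verdict.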

Anatsa is now one of the predominant malware families that continue to plague Android users, and report after report confirms the scale of the Android threat relative to the iPhone. “Recent campaigns conducted by threat actors deploying the Anatsa banking Trojan highlight the risks facing Android users in multiple geographies who have downloaded these malicious apps from the Google Play Store.”

In response to Zscaler’s report, Google told Bleeping Computer that “all identified malicious apps have been removed from Google Play” and that “Google Play Protect also protects users by automatically removing or disabling apps known to contain this malware on Android devices with Google Play Services.”

But the challenge for Google is that this perception looks extremely difficult to counter any time soon. We’ve already seen a slew of Android warnings this year, and while Google assures that once it becomes aware of a threat, it’s included in Play Protect’s hit list, the risk is that malware is still finding its way to the Play Store in much higher volumes than Apple’s App Store, and is only later identified and mitigated.

Alongside new Android security updates, we’ll see the on-device/off-device battle as Apple, Google and Samsung strive to ensure that the brave new world of AI isn’t a privacy nightmare in the making. Here again, the challenge for Google, Android and Samsung by association will be to overcome Apple’s security and privacy credentials, and its far from meaningless commitment to a privacy-first approach.

So, all eyes are on Android 15 and the difference, if any, that Google’s new mitigations can make in this threat landscape and the security perception of Android versus iPhone.

It still seems like something of an impossible task…