Android more vulnerabilities, iOS more zero-days


Mobile security company Zimperium has released its annual mobile threat report, in which the security trends and discoveries of the past year lay the groundwork for predicting what’s coming in 2022.

In general, the focus of malicious actors on mobile platforms has increased compared to previous years, mainly due to the push of the global workforce to remote working.

This focus manifested in more significant malware distribution volumes, phishing and smishing attacks, and more efforts to discover and leverage zero-day exploits.

Volume of phishing sites targeting mobile users (Zimperium)

Zero-day vulnerabilities are publicly disclosed or actively exploited bugs with no fixes available from the vendor or developers. As it is vital to fix zero-day bugs, vendors typically rush to release security updates once they are disclosed.

However, according to Zimperium’s client stats and a survey conducted for the report, only about 42% of people working in BYOD (bring your own device) environments applied high-priority fixes within two days of their release.

Roughly one-third required up to a week, while a significant 20% hadn’t patched their mobile devices before reaching the two-week mark.

Threats by region

In 2021, actors focused more on remote workforce or on-premise mobile devices, leading to increased malicious network scans and man-in-the-middle (MiTM) attacks. These attacks are aimed at stealing sensitive information that plays a crucial role in more significant attacks against corporate networks.

The most prevalent threats for each region of the world in 2021 were the following:

  • Asia/Pacific – malicious websites, malware, MiTM
  • Africa – malware
  • Europe – malware, malicious local scans, MiTM
  • North America – malware, MiTM
  • South America – malware, malicious local scans

Globally, mobile malware was a problem encountered in 23% of all endpoints protected by Zimperium in 2021, followed by MiTM (13%), malicious websites (12%), and scans (12%).

Types of mobile threats logged globally in 2021 (Zimperium)

Android vs. iOS

The mobile operating systems market is dominated by a duopoly of Android and iOS, so inevitably, all comparisons under any spectrum revolve around those…