An alarming number of Android devices are not running the latest operating system, potentially putting any Android-toting BYOD employee at risk of bringing a malicious attack onto their corporate network, according to a report released today.
Zimperium's Global Threat Intelligence, a network comprised of millions of licensed mobile endpoints around the world, found in the first quarter that:
- 98% of Android devices do not have the latest software version, 7.1+
- More than 35% of iOS devices do not have the latest software version, iOS 10.3, and have not received security updates as of March 31.
- 13% of Android devices carry malware in their apps
- 1% of iOS devices were loaded with malware
- More than 19% of apps can grab private information, such as passwords and the device's Unique Device Identifier (UDID)
Older versions of Android not only carry known exploits, but the study also found that 15% of configuration settings on Android devices are rooted, allowing non-Google Play app downloads and developer options to be enabled.
And for the iOS, the study noted: "The most concerning risks associated with iOS devices were malicious configuration profiles and 'leaky apps.' These profiles can allow third parties to maintain persistence on your device, decrypt your traffic, synchronize your calendars and contacts, know your location and could allow a remote connection to control the device or siphon data from the device."
Read more about the study here.