StopBadware introduces logic into threat analysis

One of the first posts that I wrote in this Empoprise-BI business blog was a January 31, 2009 post that quoted from a Google executive named Marissa Mayer. (In case you haven't heard the news, she's no longer with Google.) The post detailed an apology that Google had to issue after a previous apology to users contained incorrect information - specifically, that StopBadware.org was at fault for a Google outage. It wasn't.

I hadn't heard anything about StopBadware.org lately, but the organization's most recent blog post contains a new attempt to correct information - only this time the incorrect information isn't about StopBadware.org itself.

The U.S. Department of Homeland Security and the FBI issued an internal bulletin ... [in July] on “threats to mobile devices using the Android operating system.” The bulletin contained a chart illustrating findings that 79% of mobile malware targets Android—a number that the media (tech and otherwise) quickly picked up and used as a centerpiece for the headline frenzy that followed.

That number, however, is meaningless without context.

Specifically, the fact that malware is targeting Android is not a reflection of Android's security, or lack thereof. It's a reflection of Android's dominance of the mobile market.

Malware authors go where the money is.

StopBadware is more concerned about the fact that 44% of Android users are running old OS versions with security vulnerabilities - issues that could be fixed by upgrading to the latest version.

Good, so I'll just update my first-generation Samsung Stratosphere to Android version 4...uh, maybe not.

(Incidentally, I never did perform the factory reset on my phone...and I now use an alternate service to transfer files between my phone and other devices.)