Thursday, November 10, 2011
Without Adobe Flash, Is Android Safer?
Most exploit packs target Flash and other Adobe products, including Flash Player for Android. In fact Adobe updated its mobile Flash Player just today to version 184.108.40.206, which fixed "critical" security vulnerabilities intended for PC users.
As a result, not including Flash reduces the operating system's threat level—but by how much?
"Attackers will have to look elsewhere," said Fraser Howard, principle malware researcher at Sophos. But in reality, he added, attackers target Windows PC, not mobile, users with these Flash-based exploits.
Tim Wyatt, a principal engineer at Lookout Mobile Security, was less concerned. He said Adobe treats Android as a "first class platform" and provides timely patches for Android users. Furthermore, he has never detected malware targeting Android specifically via the Flash runtime.
Yesterday, Adobe confirmed that it will no longer develop Flash for mobile devices after its next release and instead focus on HTML5 and AIR apps. But the company assured it will continue issuing "critical bug fixes and security updates" for devices running the software—like the BlackBerry PlayBook and Android devices. Now that Android is the most widespread, and open, mobile platform, it attracts more malware. Common Android Trojans that sneak their way into your smartphone through poisoned apps are premium rate billing, GPS-based espionage, fake antivirus, and poisoned search results.