According to data available through Wikipedia (see Figures 1.2 and 1.3), the Android platform runs on 64% of smartphones and on about 23.5% of all phones (http://en.wikipedia.org/wiki/Mobile_operating_system). Approximately 37% of all phones today are smartphones, leaving a whopping 60%+ of phones open to future adoption. Given that Android’s share of the smartphone market has been rising steadily, the Android platform is slated for similar growth in the near future. Emerging markets and advanced economies alike are slated for increased smartphone adoption, with Android at the heart of it. Even during the recent economic downturn, the number of smartphone users continued to increase steadily. Mobile devices will form the majority of Internet-accessing devices (dwarfing servers and personal computers [PCs]) in the near future.

Until recently, smartphones were not “must-have” items and were considered only for tech-savvy or gadget geeks. The first Windows handheld devices (Windows CE) were introduced in 1996. The first true mobile smartphone arrived in the year 2000, when the Ericsson R380 was released, and it featured Nokia’s Symbian operating system. For awhile, there were cell phones and PDAs—separate devices (anyone remember iPaq?).

In 2002, both Microsoft and RIM released smartphones (Windows CE and Blackberry), respectively. While corporate adoption picked up after the release of the Blackberry, the end-user market really started picking up after the introduction of Apple’s iPhone, in 2007. By then, RIM had a majority share of the corporate market. Around the same time, Google decided to jump into the mobile device market. If mobile devices were going to represent most user activity in the future, it meant that users would be using them for searching the Internet—a core Google service. Advertising dollars would also be increasingly focused on mobile devices, as mobile devices allow for much more targeted ads. Searching “pizza” on a desktop/laptop can provide information about a user’s location through the IP address, among other information. However, with a cell phone, the user’s GPS location can be used to display “relevant ads” of places nearby.

The Open Handset Alliance (OHA) made its debut in 2007, and in 2008, Android was released.

The computational power of mobile devices has grown exponentially (see Figure 1.4). The HTC EVO 4G phone has the Qualcomm 8650 1 Ghz processor, 1 GB ROM (used for system software), and 512 MB of RAM. In addition, it has 802.11b/g, Bluetooth capability, an 8.0 MP camera, GPS, and HDMI output. The phone specifications are powerful enough to beat a desktop configuration for a typical user a few years ago. Again, this trend is likely to continue.

Android’s share of mobile devices has been increasing at a steady rate (see Figure 1.5). Android devices surpassed iPhone sales by 2011. By mid-2011, there were about half a million Android device activations per day (see Figure 1.6). Figure 1.7 shows the number of carriers as well as manufacturers that have turned to Android.

After the launch of the iPad, many manufacturers turned to Android as the platform for their offerings. The Samsung Galaxy Tab is a perfect example of this. Other manufacturers (e.g., Dell, Toshiba) have also started offering tablets with Android as their platform (see Figure 1.8). A trend is likely to continue wherein the tablet market uses two major platforms—IOS and Android.

For a long time, Nokia’s Symbian OS was the primary target of attackers due to its penetration in the mobile market. As the market share of Symbian continues to decline and there is a corresponding increase in the share of Android devices and iPhones, attackers are targeting these platforms today.

Symbian is still the leading platform for phones outside the United States and will be a target of attackers in the foreseeable future. However, Android and iPhone attacks are increasing in number and sophistication. This reflects the fact that bad guys will always go after the most popular platform. As Android continues to gain in popularity, threats against it will continue to rise.

Looking at the threat landscape for Android devices, it is clear that attacks against Android users and applications have increased quite a bit over the last couple of years. As Android adoption picks up, so does the focus of attackers to target the platform and its users. Android malware has seen an upward trend, as well.

This trend does not only apply to Android devices. Mobile phones have increased in their functionality as well as attack surfaces. The type of data we have on a typical smartphone and the things we do with our phone today are vastly different from just a few years ago.

Attacks on basic phones targeted Short Message Service (SMS), phone numbers, and limited data available to those devices. An example of such an attack is the targeting of premium SMS services. Attackers send text messages to premium rate numbers or make calls to these numbers. An attack on an Android or smart-phone is different and more sophisticated—for example, a malicious application accessing a user’s sensitive information (personal data, banking information, chat logs) and sending it to potential attackers. Smartphones are susceptible to a plethora of application-based attacks targeting sensitive information.

The following is a sample data set on a typical smartphone:

Attacks on a smartphone running on the Android platform could result in leakage of the above data set. Some possible attacks that are more devastating include social engineering, phishing, spoofing, spyware, and malware—for example, a mobile application subscribing a user to a premium service. The user would then incur data and usage charges, in addition to subscription fees. Smartphone browsers are miniature compared to their desktop counterparts. Therefor...