Why are there more research papers on Android malware than iOS malware?



  • Based on this question.

    Why are there more research papers on Android malware than iOS malware?



  • Android has 87% market share. Even if attackers manage to infect a small percentage, that is still a lot of devices they can cover in the small time frame they get before the vulnerability is fixed or the malware is detected.

    Android suffers from the infamous fragmentation problem, due to which most Android devices lose security updates after 3 - 4 years and become forever vulnerable to new vulnerabilities. This gives attackers a large time frame to spread malware through various channels until they are caught by Google Play Store and anti-malware agencies. So more malware is built for Android devices.

    Android allows flashing of custom images, which can be used to gain root access. This is useful for researchers to disable some SELinux policies, customise the kernel, attach a debugger to the malware, dump its memory and analyse the post-exploitation behaviour of malware in a real environment.

    Qualcomm, Samsung and MediaTek release platform tools for their SoCs which can reflash even hard-bricked devices. This lowers research cost, and if experiments go wrong, there's a safe state to go back to without requiring specialised hardware programmers. Using these tools, the process can also be automated to test malware samples on different OS versions and on generic system images.


