People that scoff at the security argument as well as the argument against the proliferation of shitty third-party stores clearly haven’t read Nokia’s annual threat intelligence reports of the past couple years.
Pretty much every year they show Android to have a sizable market share in malware and it’s almost always accompanied by the context that people got these from third-party stores filled with Trojans posing as legitimate apps.
Yeah sure, you could try to cut this off at the pass with system level mitigations but it’s not like Google hasn’t made headway in improving this on Android.
People are also quick to forget that system level mitigations are but one layer of a Swiss cheese model with App Review, while not infallible, being a very important part of that model.
ETA: Below is some information from said reports that I copy-pasted from a different comment of mine:
Where 2020[0] “only” saw Android come in at 26.64% with iOS coming in at 1.72%, in 2021[1] Android accounted for a whopping 50.31% of the infections while iOS didn’t even register on the charts.
Let me repeat that again: over half of all infections in 2021 were on Android devices.
Were these super sophisticated attacks?
Let’s see, because Nokia, understandably so, dedicated significant sections of their reports to Android.
In 2020 they stated (emphasis mine):
> In the smartphone sector, the main venue for distributing malware is represented by Trojanized applications. The user is tricked by phishing, advertising or other social engineering into downloading and installing the application. The security of official app stores, such as Google Play Store, has increased continuously. However, the fact that Android applications can be downloaded from just about anywhere still represents a huge problem, as users are free to download apps from third-party app stores, where many of the applications, while functional, are Trojanized. iPhones applications, on the other hand, are for the most part limited to one source, the Apple Store.
In 2021 they stated (emphasis again mine):
> Among smartphones, Android devices remain the most targeted by malware due to the open environment and availability of third-party app stores.
> […]
> The number of Trojans targeting banking information through Android mobile devices has skyrocketed, putting millions of users around the world at financial risk.
> […]
> Banking Trojans can arrive on smartphones in a variety of ways, often disguised as common and useful apps. When run, they request a variety of permissions needed to perform their desired behavior, then often remove their icon from the application pane, effectively disappearing from the device. In many cases, the apps never provide the promised functionality that enticed the phone's owner to install them and are forgotten quickly after disappearing. However, they remain installed and continue to run as background tasks, using a variety of tricks to collect user information. These may include capturing keystrokes, superimposing their own transparent overlays onto bank login screens, taking screenshots and even accessing Google Authenticator codes.
So it looks like in most cases users are being tricked into installing malware and granting permissions.
This all also explains why the whole “muh sandbox” argument carries little weight.
Not only is the sandbox but a single layer of a bigger Swiss cheese model, the sandbox isn’t gonna help your mom if she’s tricked into granting permissions.
On top of that you can bet your ass that iOS users will be prime targets, certainly more desirable targets than random Android and Windows users, because of potential ill-gotten gains.
0: https://vpnoverview.com/wp-content/uploads/nokia_threat_inte...
1: https://onestore.nokia.com/asset/i/210088