Over 5 billion app downloads are vulnerable to remote attacks. See how FireEye analyzes the numbers, and learn what you can do to identify and manage harmful mobile apps. Visit www.fireeye.com for more information.

1. iOS: the next frontier for cyber criminals
iOS apps may not be as secure as
you think
The risks of public apps
Apple Developer Enterprise
Program has been abused to create
malicious EnPublic iOS apps
More than 80%Attackers can use
undocumented or private
APIs within EnPublic apps
Android apps designed to
steal financial data rose
exponentially in 2013
(up from 260 prior to that year)
The 2014 Masque attack
Discovered by FireEye, the attack
targeted jailbroken and non-jailbroken
iOS devices.
The vulnerability allowed for malicious
apps to replace existing, legitimate
ones on an iOS device via SMS, email, or
web browsing.
New iOS vulnerabilities include Universal Cross
Site Scripting (UXSS) and SSL/TLS misuse
of the EnPublic apps were
found to use private APIs
New strains of malware and zero-day
exploits can target non-jailbroken
iOS devices through trusted USB
connections and over-the-air delivery
1,300
Freely available public apps are not subject to Apple's strict review process.
of time spent on mobile
devices in 2014 involved
app usage
86%
EnPublic iOS
apps are currently
available for
download online
1,400
of popular Android apps on
Google Play are vulnerable to
JavaScript-Binding-Over-
HTTP (JBOH)
31%
80%
UXSS
AreMobileApps
theEnemy?
FireEye researchers
analyzed 7 million Android
and iOS apps. Here's what
they found.
Many consumer
Android apps have
vulnerabilities and
poor security
safeguards.
FireEye found more than 5 billion downloaded
Android apps vulnerable to remote attacks.
The riskiest vulnerability may be JavaScript-Binding-Over-HTTP (JBOH).
Aggressive Android adware collects detailed user information, including:
Age
Household
Income
Ethnicity
Gender
Interests
GPS
Location
Name
Email
Address
Device ID
of malware
targets Android
devices and apps
96%
FindouthowFireEyecanhelpidentifyand
managepotentiallyharmfulapps
www2.fireeye.com/MobileThreatAssessment.html
© 2015 FireEye, Inc. All rights reserved. FireEye is a registered trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks
of their respective owners. INFO.MA.EN.US112015