By exploiting outdated operating systems which were not updated, WannaCry has managed to capture more than half a million computers in countries around the world. Updates are critical for Windows systems, as one can clearly see. But why are they not as critical for Android systems? After all, Android systems are regularly updated and barely any users are on the latest versions. Many don’t have access to the latest updates because their system is old. It’s estimated that only 7% of the billion Android users worldwide are on Android 7.0 (popularly named Nougat) and more than 33% are on Android Kitkat which is more than three years old.
Android isn’t susceptible to WannaCry since that only attacks Windows systems, but it could be open to other attacks. However, due to the nature of Android itself it is unlikely that Android will ever face a widespread attack like WannaCry. This is due to a couple of reasons but mainly because Microsoft had unique flaws.
Microsoft patched the vulnerabilities that were leaked in March but WannaCry hit systems that couldn’t even get the patch because they were too old. Since 2014, Windows XP users (among others) don’t get any updates so they’ve spent the past three years open to newly developed malware attacks. Google does things a bit differently for the older systems. Since 2015, Android users receive security updates (going back to version 4.4) which protects an estimated 80% of all devices. While Android users may not get the full update and the newest features, their security is still at the latest level. While this still leaves a sizeable chunk of users who cannot get updates, it’s a better solution than never rolling out patches.
However, the millions of Android users who don’t get updates shouldn’t be worried too much. Ransomware targets businesses like banks and hospitals since these businesses need their data on hand all the time. After all, credit card transactions and emergency services happen in real time. Hackers are likely to go after the big money and so aiming for phones, especially those which are outdated, is not likely to be a successful way to get people to pay up. A hospital is more likely to unlock their data by paying $300 in Bitcoins than someone who has their phone locked down and they feel it better to just put the $300 into buying a new phone.
Finally, WannaCry spread by hitting shared computers using Server Message Block. That meant it only needed one person on a shared network to let it in and it had access. While most Android phones are connected by mobile network carriers, this isn’t the same as a computer network connection. Which means ransomware is limited on Android systems and cannot transmit anywhere near as quickly. A person who catches ransomware on their phone, even if you’re both on the office Wifi, won’t be transmitting it to your phone. Though you might not want to open any links from them in future for a bit.