Figure 7: Changes in distribution vector over the years
Third-
Party Application Store
Development
Software
Direct
Download
Hardware
Component
Hijacked
Updates
Open-
Source Dependency
Phishing
Proprietary
Application Store
Supply
Chain Service Provider
Typosquatting
Unknown,
N/A, or Other
Worm
Component
0
2
4
6
8
10
12
14
16
18
20
22
24
26
28
30
32
34
36
2010
0
2
0
1
0
2
2
0
0
0
1
0
2011
1
1
1
1
0
0
0
0
0
0
2
1
2012
0
1
0
0
0
0
0
0
0
0
0
0
2013
0
3
0
1
1
0
0
0
0
1
5
0
2014
0
2
0
0
1
0
0
0
0
0
3
1
2015
0
2
2
0
0
2
1
0
2
1
8
0
2016
1
1
1
2
2
0
0
1
1
0
1
0
2017
3
7
3
3
2
1
0
1
0
0
3
1
2018
2
7
5
1
10
1
1
0
1
2
7
0
2019
1
5
7
1
3
0
0
0
1
2
9
1
2020
1
0
3
0
2
0
0
0
0
1
8
0
