Each day brings new challenges for our mobile devices to face. The Android operating system is no exception. For better or worse, its openness to customizability and development make Android the perfect target for hackers and criminals trying to harvest data for profit.
Companies also take advantage of Android’s lax security, using any and all opportunities to obtain user data legally for advertising and sales strategies. With so many different parties vying for our information, it can be difficult to determine what the biggest threats are.
Luckily, many have remained the same over the years. While there are some newer threats, take solace that many threats are well recognized by now. So what are they and what can we do about them? See for yourself.
Threats to Android Security –
Year after year, the butt of so many internet jokes actually proves to be one of the gravest threats to Android users. Public WiFi networks (where users can access for free) are highly risky because everyone can access them.
Cyber criminals know about this and spend at least some of their time camped out in public places just waiting for unsuspecting victims to access the net for free. Within just a few minutes they can access Androids and other devices, stealing data and injecting malware as they see fit.
Right now there are only two real viable options to avoid this threat. Either avoid public WiFi or use a Virtual Private Network (VPN) service to shield your connection with encryption and anonymity. The former option may end up being more expensive because limited data plans can become pricey.
A VPN, on the other hand, costs just a few dollars a month and ensures protection from intruders in public places. Users unfamiliar with a VPN may want to read this review by Secure Thoughts on the top VPNs before choosing a service.
Scams and Phishing
Security software has proven to be a huge boon to Android users and a thorn in the side of hackers. Scammers, on the other hand, do not suffer from that same problem. They use tricks and misdirection to fool users into handing over private information—anything from account information to personal financial data—and they’re not a thing apps can do about it.
Phishing is a specific type of scam where the thief creates a fake website or page that closely resembles a trusted site, such as Facebook or Twitter. They then link this page to other users—often with a stolen account—and trick people into logging in. Instead, that information goes right to the scammer who now has another stolen account to utilize.
Another similar scheme involves sending threatening emails from addresses that look legitimate, often claiming an account has been compromised or is in the contest. The user just needs to provide private information to clear up the misunderstanding.
In both of these cases, it’s important to realize a few basic facts:
- Companies already know your username and password; they don’t need to ask
- Web addresses can be viewed at the top of your browser or by tapping and holding a hyperlink until the full address appears
- Official communications rarely ever contain grammatical mistakes
Messages send by scammers frequently differ from the language you’re used to reading from friends and family. If you suspect a scam, contact the person who owns the account that’s messaging or emailing you to see if it’s real (preferably an offline contact).
While it’s no secret that Android doesn’t run quite as tight of a ship as iOS, few people realize just how dangerous third-party apps, i.e., those not coming from the Play Store or Amazon App Store, can be.
Remember that outside of the official app stores, there is no vetting of an app’s safety. A third-party app can do just about anything. Once it gets your permission (which most of us readily give), it can read your contacts, view your pictures, send messages on your behalf, and even access account information. All of this data can be funneled back to the app developer.
While reputable companies can be trusted with this information, you wouldn’t readily surrender that kind of thing to a complete stranger. And that’s exactly what’s happening in the case of many third-party apps.
The QuadRooter vulnerability is one such example. Newer Android phones using the Qualcomm chipset are vulnerable to being taken over by malicious apps in their entirety. For the record, that includes big name phones such as the Galaxy S7 and the LGV10.
Unfortunately for Android users, their updates don’t come from a central source. Whereas Apple distributes its updates centrally to all their devices, Android users must wait for their individual manufacturers to issue an update. An update to a Samsung device doesn’t mean an update for an LG device is imminent.
For instance, when Zimperium discovered a flaw with how Android handles MMS messages, fixes didn’t (and still haven’t) appeared for every Android device. As a result, what is known as the “Stagefright MMS flaw” is still a major problem for many Android owners. In short, someone can send a malicious video message to another user without them knowing about it and even have it automatically activate.
There’s not really a fix for this problem, except if you’re using one of Google’s phones, as they provide updates regularly.
Risks and Rewards
Without a doubt, Android has a lot of good things going for it. Its versatility lands it in the hands of countless users. The number of companies developing devices on the Android platform also gives us many different handsets and tablets to choose from.
However, we’re also faced with numerous risks and dangers on Android. The myriad of security issues isn’t easily addressed with a single solution as a result of Android’s fragmented development. Every year the threats are a little different, even if some problems stay the same.
Stay current and be mindful; many threats can be addressed by user action. Just be aware that exploits to Android itself might not be so easily dealt with. Choose your Android wisely!