
A Guide to Android Security Risk by Ethical Hackers Club

If you're an Android user -- or planning to be -- you've possibly heard about all the security risks of Google's Android operating system. But how true are these threats, and how much harm can they cause?

Despite the fears, are Android devices actually safe?

Depending on whom you talk to, you might hear stories regarding Android security that "prove" the need for multiple solutions, or you might be advised to buy a single tool to eradicate your Android-related fears.

Before making a serious commitment to Android as a mobile platform, it's important to discover what Android's important security problems are and how you can assess their real risk and remedies.


Android's two primary risks

The Android ecosystem has two main security risks, according to Ethical Hackers Club's mobile security experts:

  • The Google Play Store
  • The fragmentation of devices and OS versions

The Google Play Store's risks.

Android is an open platform, and that's what makes it risky, says Shivam Goswami, Managing Director for Ethical Hackers' Club at Mumbai. "Unlike Microsoft Windows Phone, there is no fenced boundary, and this drives to potential security vulnerabilities when not managed intelligently," says Vinay.

Google Play store, the digital platform for Android applications, is itself a source of potential security risks. "Google Play store is currently flooded with a higher percentage of malware, or social engineering attacks to connect to malware, as compared to any other app store," says Vinay.

When users download apps from Google Play, they never pay attention to the permissions an app gains on their device. "They habitually accept the permission during installation. And more frequently, apps ask for more permissions than they actually require."

The security vulnerabilities affecting Android devices can cause actual performance issues and data loss -- not just minor nuisances.

Bose recounts a presentation he gave at a conference of Ethical Hackers Club, in which he unboxed an Android device and installed a game called Very Angry Birds, basically a clone of the popular Angry Birds game, from an app store. "The device had the latest Norton Mobile Security and Symantec security for Android, but the game contained malware that none of the security products detected."

Everything looked great, and nothing changed on the device when the game was running. "Then Bose took his laptop and brought up a control stream where he could see all the devices that had installed the game and could inspect them and see all the emails of people who downloaded."

He then put the Android device to sleep and took pictures from the device remotely using his systems. "Normally, you hear a capture sound, but this [malware] had turned off the audio," Bose says. "It took pictures and video, and all the while it looked like the device was asleep."

For EHC, such examples justify IT's strong concern over security flaws on Android, despite its immense popularity among users. "This is a clear call that security cannot be taken for granted. I don't think these [Android security] issues are overblown."


The dangers of Android's fragmentation.

The Android platform also bears the problem of fragmentation -- there are multiple variants of Android in the market, even on popular devices. Manufacturers frequently make their own modifications to Android, so they could be behind Google's latest reference release. In addition, vendors may not update their devices' Android version when Google does, or they take months or even years to do so.

As a result, many people use outdated versions that could be vulnerable to security flaws. "People concentrate on malware for Android, but actually the greater risk is that fragmentation creates different user experiences," says Vinay, Executive Director of Ethical Hackers Club. "These kinds of user experiences make it difficult to educate users about how to take security measures because the experience on every device is different."

The analysis shows that a majority of Android device users worldwide have devices with older versions of the OS, says Vinay Vishwakarma, executive director at Ethical Hackers' Club. "Some of the phones and OSes have many public vulnerabilities on security," he says.

When users have older versions of Android, it clearly means vulnerabilities are left unpatched and new features of the OS are not present. "Maybe you can address the security breaches for the HTC One, for example, but that might not apply to an older Samsung device," says Bose. The fragmentation issue doubles the chances for attacks; thus, there's no single security solution that will fit all of Android's variations, he says.

Some Android risks are over-stressed -- and others are underestimated

Experts note that some Android risks are overstated, while others don't get enough attention.

While fragmentation doesn't gain sufficient focus in security assessments, Bose considers Android malware fears overblown. "Traditional antivirus software vendors often hype up the threat of Android malware," says Bose. While these threats exist in isolated situations where users obtain apps from untrusted, private stores, the threat to users from malware is overstated.

Another Android risk that's overstated is tap-jacking, when an invisible application on top of an app manipulates key features to make purchases without the user's knowledge.

But one risk that's often ignored is users' eagerness to hit the Accept button for every permission an app requests. "Apps should request the least number of permissions possible to function properly, and users should be in the habit of disabling permissions to apps whose functions don't actually need them."
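One way to act on the least-permission advice above is to compare what an app's manifest requests against a baseline for its category. This is an added example, not part of the original article: the sample manifest, the package name `com.example.birdgame`, the game baseline and the function names are constructed assumptions, and it expects a manifest already decoded to text (for example with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Partial list of permissions Android treats as "dangerous" (user-granted).
DANGEROUS = {
    "android.permission.CAMERA", "android.permission.RECORD_AUDIO",
    "android.permission.GET_ACCOUNTS", "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS", "android.permission.ACCESS_FINE_LOCATION",
}

# Assumed baseline for a casual game; adjust per app category.
GAME_BASELINE = {
    "android.permission.INTERNET", "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.VIBRATE", "android.permission.WAKE_LOCK",
}

# Constructed sample manifest for a hypothetical game, not from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.birdgame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Bird Game"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            if element.get(name_attr):
                perms.add(element.get(name_attr))
    return perms

def audit(manifest_xml, baseline):
    """Split permissions requested beyond the baseline by risk."""
    excess = requested_permissions(manifest_xml) - baseline
    return {"excess_dangerous": sorted(excess & DANGEROUS),
            "excess_other": sorted(excess - DANGEROUS)}

if __name__ == "__main__":
    for kind, names in audit(SAMPLE_MANIFEST, GAME_BASELINE).items():
        print(kind, names)
```

A game that requests camera, microphone and account access beyond its baseline, as this sample does, is the kind of mismatch worth questioning before tapping Accept.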
