The Biggest Security Issues on Android Devices
Security on the Android OS is one of the most serious issues that Google’s operating system faces. Most Android devices do not receive security updates, and antivirus applications available on the Play Store do not constitute a solution, and cannot help. So, are our devices running Android at risk?
- There are many Android devices
- The most dangerous versions of the OS
- The biggest security issues in Android
- Signs that your device has been infected
- Reducing security risks in Android
- The limited capabilities of antivirus apps
Google has stated that there are about 1.6 billion Android devices all around the globe. This number, however, may be substantially bigger, according to new surveys.
More or less, Google's operating system holds a share on the global mobile market that amounts to 86.2%. Apple’s iOS is second, with a share of 12.9%.
One of the biggest problems with security in Android is the fragmentation of the operating system’s versions.
There are so many versions that it’s very easy for malware attacks to choose a target. Unlike other operating where users in their majority upgrade their device to the latest version of its operating system, Android users do not perform that action.
In this of course contributes the hardware limitations of many devices, as new Android versions are released with increased hardware requirements. In addition, many large companies have the policy of ceasing support and providing updates for earlier models due to increased hardware demands.
However, in May 2016, the biggest amount of Android owners (32.5%) had an older version, KitKat. The newer version, Marshmallow, ranked fifth with a low percentage of 7.5%.
In July 2016, a group of experts on Android security issues recorded a worrying trend of malware attacks. It was found that more than 10 million Android devices were already infected within a short time.
90% of these devices were operating with older KitKat and Jelly Bean version, which makes them objectively the most dangerous devices for malware attacks. This confirms the problem with many active versions, especially the newer ones.
The open-source nature of Android, the ease which apps can be created with, and the wide variety of markets outside the Play Store, have raised problems related to security on Android.
Google’s operating system has become the most attractive target for malicious software, tending to surpass Windows on laptops. In late 2014, infection percentages between Android devices and Windows laptops were at the same level.
It can be easily assumed that risks which threaten Android’s ecosystem daily derive from the web and apps.
Web threats are a constant threat to Android devices, due to the fact that users are constantly connected to the internet. An unwary visit to a harmful website may infect your device with malware.
Additionally, there is also the threat of phishing aimed at Android owners, which works similarly as in PC and Mac computers.
In the phishing method, attackers use text, emails, and social media services, to fool users into giving them out sensitive data.
The greatest risks are malware infections. These kinds of malicious software are designed to take control of the Android device.
Usually, this risk exists when downloading applications- especially when not downloading them from the Play Store. These malware threats are increasing alarmingly; it has been reported that 2016 will be the year with the most malware appearances on Android devices.
Experts estimate that 9468 new malware appear daily on average. This means that a new malware appears every 9 seconds.
You can click here to see an overview of the current threats.
The most widespread and well-known malware threats have been classified as high risk threats.
This is one of the larger kinds of threats.
This type of malware exploits security vulnerabilities on the Android OS, which allows total access (root) on the device.
The most recent of these threats is QuadRooter, affecting 900 million Android smartphone and tablet devices with Qualcomm processors.
The serious problem resulting from Trojans on Android, is malware which use the "Trojan horse" technique and appear as legitimate software.
A Trojan SMS for example, can send messages to phone numbers without you knowing.
The unfortunate thing with this threat is that it has been found in the Play Store’s apps as well.
An adware app, such as the Superfish, can automatically generate ads in order to provide a revenue stream for the author.
It can also be used to collect marketing information without the user's consent.
In April 2016, 100 dangerous adware apps were found in the Play store.
It is one of the most abhorrent and dangerous kinds of malware. Ransomware is a type of malware that presents a false tab on the device’s screen while you’re filling in the details of your credit card when making on the Play Store.
Then these details are sent (without your knowledge of course) to the cyber criminals who created it.
Even worse, in 2014 in the US, UK, and Russia, a massive ransomware attack named Svpeng took place, and locked thousands of infected devices. Then it asked for "ransom" in order to unlock these Android devices.
Google, however, recently announced that the upcoming version of Android 7.0 Nougat will block ransomware attacks and will drastically reduce this kind of threat.
It is worth mentioning this threat which appeared very recently, on September 14, 2016.
More specifically, Kaspersky Lab’s experts announced in mid-September a new malware which was discovered in Google Play store, called “Pokémon Go Guide”.
This malicious application acquired full control of the device, and was downloaded more than 500,000 times. It is estimated that more than 6000 devices have been infected, and of course Google removed it recently.
Malware lurk in every corner of the internet, such as when you download apps from the Play Store, but especially from other stores. They are constant threats, and there is a serious possibility that your device can become infected without you knowing it.
Most malware collect account details, credit card details, contact lists, etc. Once they collect information, they use your data connection to upload it to the person who created it.
If your internet data connection is turned on constantly, and unexplained data consumption occurs, it may be from malware infection.
In any case, it is necessary to always observe your data usage, whether you have been infected or not. You can achieve this through the Android device’s settings, in the data usage settings menu. If you see that an app consumes a lot of data without you using it, then you should probably delete it.
If you are infected, the problem will remain in the WiFi connection as well.
In this case and in all other identified signs of infection, a malware scan is necessary. One of the most appropriate solutions which is well-known by its effectiveness in computers is Malwarebytes Anti-Malware.
It is common for most middle class Android devices to become slower after several months of use. If this slowing-down occurs in high-end devices, which remains even after a reboot, it is sign of malware infection.
Most malware are designed to attack in the background. This makes the device continuously active, so there is a drastic decrease in battery life.
More severe cases of malware infections drain battery much more quickly than mild cases. If there is a sudden, constant and unusual battery drop, there’s a high chance that your device has been infected.
There are many times where you cannot make phone calls due to low signal.
If this phenomenon becomes more intense and frequent, a malware infection may be the reason.
The only way to completely prevent malware in Android devices, is not to download applications, as well as not connect to the internet too. However, this is practically impossible.
What can be done however is combine common sense and control, in order to minimize the chances of a malware infection.
The risk of malware will decrease if you do not allow installation of applications from sources other than Google Play. If the app is not downloaded from the Play Store, then you must be absolutely sure that it’s clean from malware before installing it.
Additionally, you should check frequently if you have given administrator rights unknowingly to any app. In this case, uncheck applications that you do not trust, and if necessary, delete those that you do not need.
If your device is able to receive updates for the operating system, you should immediately install them.
The newer the Android version is in your device, the lower the chances of a malware infection are.
It is tempting to root your device in order to access certain applications or services.
However, by rooting the device you also reduce even further the already problematic security on Android. If you are determined to root, be ready for more malware attacks.
If your Android device has data encryption features, it is a good idea to use them.
By encrypting your data, malware attacks aimed at collecting valuable information will be drastically reduced.
If the device doesn’t have encryption features, it is important not to store data related to accounts and bank cards. In addition, avoid storing information associated with other critical personal data.
When you find a new application that you want to download, it is advisable to read reviews from other users first. If the app has specific issues, it will be confirmed by the users’ comments.
If there are no comments yet, maybe you should wait and not take any risks.
Experts on Android security claim that if the device is infected with malicious software aimed at rooting, it is uncertain that the infection will be removed if the app is uninstalled.
The only safe way to permanently get rid of the infection is to back up all data and restore the device to factory settings.
All antivirus apps come into effect only after you have already fallen victim to malware. What they can provide is scanning and information that you have been infected.
It is no coincidence that Adrian Ludwig, lead engineer for Android security at Google, said that all antivirus apps are almost useless.
The company insists that newer Android versions have built a strong virus protection system and stresses out that users do not have particular benefits of these antivirus applications.
However, the contradiction in this case is that Google recently confirmed with the official announcement that 420 million Android devices are exposed because they do not receive security updates. Experts believe that there is no way to guarantee that the company will send security updates to those devices.
However, large companies such as Samsung perform actions like these autonomously, and of course Nexus devices receive security updates directly from Google.
However, some antivirus apps might be handy. The daily scans that they provide are relatively helpful and more than necessary.
If nothing else, the user can be notified of a malware infection.
In many cases, these notifications may relate to applications that we need, providing a false sense of security.
Such kinds of apps are the “locate lost phone” apps, or a VPN, in which you give admin rights.
Moreover, most antivirus applications negatively affect the battery, greatly reducing its duration.
It’s true that security issues on Android do exist, and pose a greater threat to you and all users than it’s commonly believed. What is your opinion on the subject? Let us know your thoughts in the comments section below!
On a related note, you can have a look at our round-up of The Most Common Issues In Smartphones And How To Deal With Them.