If you are like many people, you treat your mobile device a lot like a computer. You make phone calls, access social media, do your banking, play games and even create and share documents. Given the level of sensitive information you store and access on your device, you would think security would be a top concern. Yet most people do whatever they want on their devices, whenever and wherever they want, without giving much thought to security. That’s a big mistake.
The threat of mobile malware has been increasing steadily in recent years, especially on Android devices. By some estimates, almost 97 percent of mobile malware is Android-based, and thousands of devices worldwide have been infected. While the overall percentage of infected mobile devices is far less than that of computers, the numbers are growing, which has security experts concerned. In fact, two recent studies underscore the need for users to employ an Android security solution to protect their sensitive data.
As most of you might know, the constant griefing that malware and viruses cause has been a plague for the personal computer for a long time and has cost companies millions. Not only to restore what was corrupted or destroyed, but also to build up a secure enough protection level where they are able to store and access their data while knowing they are doing so without the overhanging risk of being compromised. This griefing has now been migrated to the Android OS (and other mobile operating systems as well.)
Infected Apps Are a Growing Problem
The problem of infected applications has long been a concern for Android users. Although responsible users know it is best to only download apps from the Google Play Store, even those apps are not always entirely safe. According to one study, one in every 1,000 apps in the Google Play Store either has malware or had it at some point. Other sources of applications, primarily those from the Middle East and Asia, had even higher amounts of infected applications: About one-third of the apps from stores like eoeMarket and Mumayi contain malicious code.
However, the application does not have to contain malware in order to create a security risk. The design of the app itself can create a privacy or security risk that must be mitigated by strong antivirus protection. In fact, a study released in January 2014 revealed 92 percent of the most popular applications on the market contain flaws creating privacy and security risks, most commonly using non-secure communication protocols.
Other problems include communicating with blacklisted domains, working with disreputable developers and the ability to load external applications without the user’s knowledge or permission.
Researchers note many of the risks can be mitigated by reading the terms and conditions before downloading apps, and avoiding unsafe downloads whenever possible. However, this does not address a potentially larger problem for Android security.
Updates Increase Risk
One of the best practices for maintaining Android security has always been to update the operating system whenever necessary. Most users are prompted to run the update when it is available, and encouraged to do it as soon as possible to mitigate any risk of vulnerability from using an out-of-date platform.
However, research conducted by scientists at Microsoft and Indiana University Bloomington have discovered the process of updating the Android platform can actually create security vulnerabilities. Essentially, when a device is updated, it replaces old files and adds new ones on a live system, all while trying to maintain the integrity of existing applications on the device. Because of the complexity involved with maintaining each Android application’s own sandbox and the privileges it has, it is possible for an update to inadvertently create security vulnerabilities.
Escalating Permissions: A Big Problem
The biggest risk, researchers found, was the problem of escalating permissions. When a user installs an app on a particular version of the operating system, the Android app is granted a specific set of permissions. However, it is possible for the application developer to write an application in such a way that it gets additional permissions on newer versions of the operating system — without the user’s knowledge. The result, known as a pileup flaw, is while the user believes he or she is doing the right thing by updating the system, the actual result could be a significant security vulnerability and lead to the loss of data.
Google is aware of the issue with pileup flaws, and has already issued patches to address some of the issues leading to this problem. There are also applications in development designed to scan the Android device’s applications for instances where permissions have been inappropriately escalated.
Still, the fact devices have this vulnerability, and the proliferation of malicious applications underscores the importance of installing robust mobile malware protection. The information contained on your mobile device is far too precious to be left to chance, and an anti-malware program will provide peace of mind.
Increased Threats Through Android OS Apps