The increasing pervasiveness of mobile devices means that they are being actively targeted by cyber criminals and malware writers. Security companies are seeing lots of activity in this area, and Android is firmly fixed as the largest target of malware peddlers. The result is that Android phones are vulnerable to attack, but nevertheless, there are things you can do to protect yourself. Most Android vulnerabilities can be managed and attacks avoided.
Here is a list of three ways your Android phone is vulnerable and what you can do about it.
1. Text Messaging
Text messages are ubiquitous and have a high read rate among users. They also have a high trust factor, with users willing to follow links provided in the text. As a result, hackers can trick mobile users into clicking a link, which in turn installs malware onto the Android phone.
At a recent conference, a security company called Crowdstrike demonstrated a weakness in WebKit (the HTML rendering engine used on Android) that allows attackers to take full control of Android 2.2 phones. As part of the demonstration, a text message was sent to users inviting them to follow a link (with an appropriate bait). Once clicked, the phone was infected with malware.
Action: Don’t follow links in text messages, unless you are sure about their authenticity. This also applies to emails and QR codes.
2. Malicious Apps
The majority of users download apps for their Android phones from an “app store.” The most popular are Google Play and the Amazon Appstore, however there are many alternatives. The problem with app stores is that the submission process can be very lackadaisical, meaning that rogue apps that carry malware can easily get in and masquerade as valid apps.
These malicious apps do a variety of different things, but one of the most popular malware types are those that secretly send text messages to premium numbers, running up big bills for the user and raking in piles of cash for the cyber criminal. Google is starting to fix this problem with the introduction of Bouncer, a system that rejects apps from Google Play if found to be carrying malware.
Action: Use a reputable app store, read apps reviews, and take careful note of the permissions an app requires.
3. Application vulnerabilities
All software has bugs. It is a fact of life. Normally, these coding errors don’t affect us too much – the occasional reboot, an app freezes once in a while. Nothing too drastic. However, when apps have bugs which expose our phones to attack or reveal private information, things get a bit more serious. Apps like Google Wallet, Adobe Flash, and Skype have all fallen foul to software bugs which expose personal data or provide a door for hackers to install malware.
Action: Only install the apps you actually need. Having three apps which all do the same thing just increases your exposure. Don’t install every new social networking app that is published. It is also important to keep the apps up to date and install new versions as soon as they become available.
Your mobile phone is an important device, guard it well. Be wary of what links you follow, use trustworthy sources to download apps, and keep those apps up to date.
What other measures do you employ to keep your precious Android phone safe?