Key flaws in Android security and how to protect against them

For the most part, the kinds of data breaches we read about in the news are the result of human error. People click on a convincing phishing link or fail to install basic security updates that protect computer networks against attack. But it isn’t always clear-cut, and sometimes it’s true that your device manufacturer is letting you down.

While Internet of Things devices like smart speakers and web-connected appliances are often flagged as lacking security, many of us assume that our smartphones are just that – smart. Popular Android phones often come with basic Android security features installed, and they encourage the use of things like lengthy PINs and fingerprint unlock, to keep third parties out.

However, while Apple’s claim that their devices are un-hackable has been proven to be incorrect, it’s fair to say that Android devices tend to come with a wider range of security flaws. Some of Android’s selling points are also its weaknesses — from the flexibility to download custom apps from outside of the official Google Play app store, to the variety in operating system versions from device to device.

Google has recently announced new measures to help ensure the security of Android devices, but if you’ve got one, these are the key points to watch out for.

Update delays

One of the biggest issues regarding the security of Android devices is that of serious software update delays. Google frequently releases security patches, which should always be installed as soon as possible after release. The problem is, there are all kinds of customized versions of Android’s operating systems out there — and not all device manufacturers make updates available right away.

Android users should be getting security updates every month, because that’s how often Google shares their patches. Once a patch is out, hackers can see what has changed since the last update and reverse-engineer attacks on devices that haven’t been given the new security updates.

Google has now declared that any Android device with more than 100,000 users must be given at least four security updates in its first year, as well as regular updates after this point. But that isn’t really enough to reassure end users.

If you’re worried about holes in your security, there are a few things you can do to stay protected. Firstly, install and use a decent mobile antivirus package. Something that offers a firewall, file quarantine, and detailed device scans can help to keep malicious activity out – and to flag and remove anything that does get in.

It’s also wise to stay on top of the updates that should be available and to ensure that you take advantage of any and all updates as soon as you can. Don’t be tempted to snooze those installation notifications — software updates are a free security defense, and should be welcomed with haste.

Malicious apps

Fake apps, adware apps, ransomware apps; they can be found in Apple’s App Store as well as the Google Play store, but they are more common in the latter. There are also alternate, unofficial app stores for Android devices – but these should be avoided at all costs.

Image: Android Security (image courtesy Bram Koster).

It’s the open source nature of Android software that creates the issue, despite also being a positive feature in many ways. Google has put measures in place to increase official Play Store security, such as Play Protect, which scans for suspicious app activity, but there are still instances every year of highly convincing malicious apps slipping through the net.

Before downloading a new app, read the reviews and developer information to see if everything adds up. Fake versions of banking and social apps will often have a convincing logo and description, but will be clearly marked as having been developed by somebody other than the company they claim to represent. Major apps should also have plenty of reviews, so versions of world-famous games like Angry Birds that only have half a dozen could be fakes.

Be wary of apps that request unusual permissions, too. Even apps as innocent as taxi booking apps have been faked, asking users to grant permissions such as writing messages and reading emails, and to enter payment details.

If the permissions an app asks for don’t match up with its intended purpose, delete it, particularly if it is a shopping or banking app, where card and bank details are at risk. It’s better to play it safe than be sorry. Fake banking apps have been identified in cyber attacks in 164 different countries, and they’re a growing problem.
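The permission check described above can be automated for anyone reviewing apps before they are allowed on managed devices. The following is an added example, not part of the original article: it reads the `uses-permission` entries from a decoded `AndroidManifest.xml` and flags anything outside what the app's stated purpose needs. The `EXPECTED` baseline, the `taxi` purpose label and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Hypothetical baseline: what a reviewer expects an app of this purpose to need.
EXPECTED = {
    "taxi": {
        "android.permission.INTERNET",
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.ACCESS_COARSE_LOCATION",
    },
}

# Android permissions that expose messages, contacts or call history.
SENSITIVE = {
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, purpose):
    """Split permissions that do not fit the app's purpose into two buckets."""
    # An unknown purpose has no baseline, so every permission is reported.
    unexpected = requested_permissions(manifest_xml) - EXPECTED.get(purpose, set())
    return {
        "high_risk": sorted(unexpected & SENSITIVE),
        "review": sorted(unexpected - SENSITIVE),
    }

# Constructed sample: a "taxi booking" app that also asks for SMS access.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.faketaxi">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>"""

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, "taxi"))
```
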

Where possible, you should only download Android apps that have been verified by Play Protect — and even then, it doesn’t hurt to be cautious.

Other ways to stay secure

There’s no perfect system for online security because the internet and the devices that connect to it are ever-changing and evolving. However, there are plenty of easy measures to take that can help you avoid disaster.

Having software that’s as up-to-date as possible is a crucial start, along with running regular antivirus scans. But if you spend a lot of time online, it’s important to secure those activities as well as your device itself. Stay aware of the latest security threats, and implement things like Virtual Private Network use to prevent third parties from getting their hands on your data.

VPNs are particularly useful for things like securing online banking, and shopping over unsecured public Wi-Fi, because they add end-to-end encryption to your connection. This means that actions carried out using your Android device have a solid layer of additional security.

On and offline, you should also make sure you’re using truly secure passwords. If in doubt, or if you’re having trouble remembering them all, adopt a password manager to remember them for you. While your phone’s PIN is something you’ll need to remember yourself, a password manager can keep hold of complex passwords to all of your app and email accounts — as well as suggesting new complex passwords to regularly update.

All in all, with minimal input and a little common sense it’s easy to use an Android device — or any device — without putting yourself in the line of fire for hackers and other cybercriminals. Stay well away from unauthorized apps and app stores, sense-check your downloads and embrace security software. With these guards in place, your device should stay working at its best and the data within can be kept just as you intended it to be: private.

This is a guest post and its content does not necessarily reflect the thoughts of Techaeris or its staff.