Is your Android phone as secure as you think?
Smartphones have become one of our most prized possessions, with most people treasuring a phone more than any other device. In fact, more than a third of us feel stressed and “cut off” if we’re away from our smartphone, while 29% feel “lost without it”. And as our phones are now so central to our lives, it’s no surprise that they’re jam-packed full of personal information.
Android is the most popular operating system in the world, owning more than 76% of the market share.
If you, like three-quarters of all smartphone owners, own an Android device, you’ve probably used it to connect to everything from social media platforms to bank accounts. Your device also likely contains photographs, conversations and a whole range of other forms of personal data. While it’s very handy to have all this information in your pocket, it also puts your data at risk, particularly if your device is compromised by a third party.
Wandera’s Mobile Threat Landscape in 2019 report highlights several security risks associated with Android devices. They found that 1 in 5 Android users allow third-party app installations, increasing the likelihood of malicious software being downloaded onto the smartphone. Furthermore, 57% of Android devices run an operating system (OS) at least two versions behind the most up-to-date one. Wandera concluded that there’s an average of 451 vulnerabilities on each of the mobiles in the sample set, and almost two-thirds are rated “critical” or “high” on the Common Vulnerability Scoring System.
Here, we look into these security risks in more detail and examine the many reasons your Android phone may not be as secure as you think.
The danger behind your Android apps
Your Android has some built-in security features that help protect against cyber threats, though this depends on your model and OS version. For example, Google Play Protect fights harmful apps by performing safety checks through real-time risk assessment of your device, as well as the Google Play Store. However, that doesn’t mean every app hosted on the Play Store is safe to use. Malware will often be repackaged as legitimate apps to increase the odds of you downloading it and inadvertently infecting your device. One of the most notable recent examples of this occurred in June 2019, when a fake WhatsApp program on the Play Store was found. It had been downloaded over a million times before it was taken down, and the developer had even chosen the name “WhatsApp Inc.,” to trick users, and the Play Store, into believing it was genuine.
On top of this, the Play Store could host apps that aren’t intentionally malicious but have gaps and security vulnerabilities in their code. Though Play Protect attempts to keep compromised content out of your hands, its security checks don’t always do the job. In April 2019, researchers found out that malicious software had been downloaded over 30 million times from the Play Store.
There are many usage-based risks which could be putting your data in jeopardy. For instance, though malicious apps can end up on the Play Store, the odds of downloading malware onto your Android are even greater if you download content from a third-party app store. These are called sideloaded apps, which could be risky as these platforms may not apply as much scrutiny to the applications they list.
While an Android’s default configuration stops the downloading and installation of sideloaded apps, it’s possible to permit this by simply changing a setting called ‘unknown sources’, allowing you to download content outside of the Play Store. Alternatively, you could alter the permissions by rooting your phone. Doing so will grant you greater access to the operating system and the opportunity to make drastic changes if you see fit. However, rooting also makes it possible for apps to run with admin privileges and, therefore, have the ability to do anything on your phone. If you accidentally give a malicious app these privileges, the privacy implications could be very serious.
Out of date operating systems
Failing to use the most up-to-date OS can also leave your Android vulnerable. A 2018 study revealed that 90% of devices used in the US and Western Europe are running outdated versions, and cybercriminals will often take advantage of any known vulnerabilities to gain unauthorised access to your device. In fact, multiple vulnerabilities were discovered in the OS in 2019, which could allow attackers remote code execution—access to an Android device and the ability to make changes regardless of where the smartphone is geographically located.
Weak password combinations
And of course, your Android is even more likely to be hacked if, like most people in the UK, you’re using a weak password. Hackers could easily work out obvious combinations, especially if they conduct brute-force attacks. These use automated software to generate a huge number of consecutive passwords at once—typically 100,000 guesses per second. And if you use the same passwords for multiple accounts, that means your data from a range of sources could be compromised.
Bearing in mind that 28% of smartphone users didn’t use a screen lock in 2017, it’s likely that many Android users don’t have passwords securing their devices at all. However, it’s important to remember that passwords are still the bare minimum in terms of device security, so having one isn’t going to be much help when it comes to protecting your Android.
The need for mobile security
Android devices come equipped with full-device encryption, which protects data on your phone by presenting it as scrambled and unreadable to anyone without a password. You must set up a locking system—like a PIN, password, or pattern—to activate this. Of course, having a locking system also helps prevent anyone from using your phone if it’s lost or stolen, and you could additionally turn on 2-step verification to add an extra layer of protection over your account data. However, even if you have the most secure Android in the world, your own actions could make your data extremely vulnerable.
As illustrated above, your Android apps can be dangerous in themselves. Even those as credible as WhatsApp—which recently revealed a flaw in its system, allowing hackers access to user devices—could still pose a threat. Pair that with risky user behaviour and your data could be even more susceptible to theft. For instance, you could experience phishing or cryptojacking, in which your device is used to mine cryptocurrencies, if you click on a malicious link through a social media app or website while using your phone.
As there are so many potential threats out there, keeping track of Android’s monthly security bulletins could be useful, as this correspondence includes solutions to any issues affecting your device, as well as security vulnerability details specific to particular products. It’s also worth monitoring the permissions you’ve granted all your apps and turning off any that look suspicious. If you’re allowing an app to do things like read your calendar, call phone numbers, or receive, read and send text messages, think about whether the app could still function without these permissions. If not, consider whether it’s still worth allowing them. And to prevent the risks that come from weak passwords, use a password manager to generate strong combinations, or better yet, implement fingerprint authentication in place of standard log-ins.
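One way to carry out the permission review described above from a computer, as an added example that is not part of the original article: the script lists which of the permissions named in the text (calendar, phone calls, SMS) an app currently holds. It assumes adb is installed and USB debugging is enabled, and that `dumpsys package` prints `granted=true` lines, a format that varies between Android versions; the sample output and the package name com.example.flashlight are constructed for illustration.

```shell
#!/bin/sh
# Permissions the article singles out: calendar, phone calls, SMS.
RISKY_PERMS="android.permission.READ_CALENDAR android.permission.CALL_PHONE \
android.permission.RECEIVE_SMS android.permission.READ_SMS android.permission.SEND_SMS"

# Read `dumpsys package <pkg>` text on stdin and print every risky
# permission that is actually granted (requested-only lines are ignored).
granted_risky_perms() {
    awk -v risky="$RISKY_PERMS" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        /granted=true/ {
            perm = $1; sub(/:$/, "", perm)
            if ((perm in want) && !seen[perm]++) print perm
        }'
}

# Constructed sample of dumpsys output for a hypothetical app.
sample_dumpsys() {
cat <<'EOF'
  Package [com.example.flashlight] (1a2b3c):
    requested permissions:
      android.permission.READ_SMS
      android.permission.READ_CALENDAR
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.SEND_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CALENDAR: granted=false, flags=[ USER_SET ]
EOF
}

# Walk every user-installed app on a connected device.
audit_device() {
    adb shell pm list packages -3 | tr -d '\r' | sed 's/^package://' |
    while read -r pkg; do
        perms=$(adb shell dumpsys package "$pkg" </dev/null | tr -d '\r' | granted_risky_perms)
        if [ -n "$perms" ]; then printf '%s:\n%s\n' "$pkg" "$perms"; fi
    done
}

# Default run uses the constructed sample; pass --device to query a phone.
if [ "${1:-}" = "--device" ]; then audit_device; else sample_dumpsys | granted_risky_perms; fi
```

A permission that the app does not need can then be withdrawn in the phone's settings or with `adb shell pm revoke <package> <permission>`.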
This article does not necessarily reflect the opinions of the editors or management of EconoTimes.