As Android technology pushes the boundaries of innovation day by day, it brings certain security risks along with it. In the current digital age, it is important to keep a safe distance from potential threats, because no technology is perfect enough to have no downsides. According to Malware Analyst Filip Chytry of Avast, “Smartphones are, however, becoming increasingly interesting for cyber-criminals because users tend to store so much more of their personal data on them than on their PCs, such as photos, videos, SMS, emails, and banking/shopping apps.” That said, Android devices pose many security risks that users are often not aware of until their privacy has been compromised. To avoid that outcome, Android users need to be mindful of the security risks that can compromise their online privacy, and of the ways to defend against them.
The following are the risks found on just about every Android device:
- Spyware programs
There are a lot of spyware programs that Android devices could be exposed to, such as XNSPY, Track my Phone, etc. These spyware programs can easily be installed on an Android device as an APK file obtained from third-party app stores. Since Android readily allows the installation of such programs, the online privacy of its users remains at risk. Their data becomes accessible to someone else who might want to cause them harm or exploit their personal data. Spyware can also remotely control your device and thus destroy important data and backups. Identity theft is another risk with spyware programs on Android, because they can record keystrokes, which gives them access to your passwords, social security number, and bank details.
How to Defend Against Them?
- Make sure to keep the device locked, as physical access to your device could let an attacker install spyware programs such as XNSPY without the victim ever knowing. A simple screen lock code will do the job. If you are not careful enough, however, XNSPY could expose your phone calls, emails, multimedia, location, contacts, and social media activity to people who would be interested in all of that.
- Avoid rooting or jailbreaking the device.
- Use an anti-virus program or security software such as AVG free, Avast and Bitdefender.
- Avoid public Wi-Fi Networks.
- Do not keep your Bluetooth on unless necessary.
- Install your updates regularly.
- Verify apps through simple research: look up the app developer’s name on Google, read the reviews, and check the number of times the app was downloaded and its rating on the app store.
- Do not click on random links.
- Do not save your sensitive data online, especially your social security number, bank passwords, credit card PIN, etc.
- Exploitation of System’s Vulnerabilities
At times, Android devices ship with built-in vulnerabilities that external parties can exploit to steal data and put users at risk. System vulnerabilities that could cause major security breaches include Stagefright (MMS flaw) and QuadRooter.
- The Stagefright vulnerability allows an attacker to execute arbitrary code by sending malicious content through MMS to any Android device. The code could run undetected without the malicious MMS even being opened. It affected all Android versions up to 5.1.
Another high-security risk found in Android was QuadRooter.
- QuadRooter, as the name suggests, was a set of four vulnerabilities that directly affected all Android devices built on Qualcomm chipsets. If those vulnerabilities were exploited, the attacker could gain complete root access to the device. Malicious apps can be used to exploit these vulnerabilities, and these apps show no sign of anything suspicious.
How to Defend Against Them?
- These vulnerabilities ship with the Android device and can only be fixed by installing the patch issued by the carrier. So, our suggestion is that you keep your device updated, as the patches are distributed with the latest security updates.
- In the case of Stagefright, contact your carrier to deactivate the auto-MMS service; this prevents the vulnerability from being exploited.
- Avoid activating MMS service manually.
- Third-Party App Stores
Android devices have an official app store, the Play Store, from which Android users can safely download applications. But certain apps are restricted in some countries, and users who want access to those restricted apps turn to third-party app stores to download them. Also, some apps are expensive on the Play Store, so cheaper alternatives (cracked versions) are offered on third-party app stores, which encourages users to buy the cheaper ones. When people download these applications, they do not consider the fact that the operators of these third-party app stores do not maintain any checks on the applications that are uploaded to their sites. These applications tend to contain malware that can put your personal data at risk.
How to Defend Against Them?
- The best way to avoid the security risks of third-party app stores is to avoid using them. The bargain they offer comes at a price that no one would wish to pay. Therefore, stick to the legitimate products verified by your device’s operating system.
- Make sure that the app developer’s name is accurate through a quick Google search as many scammers offer phony versions of apps through third-party app stores.
- Take a detailed look at the review section of the product and look for expert reviews. If any review indicates that the app is faulty, avoid downloading it.
- Finally, the device should be kept updated with the latest operating system and should have an active antivirus.
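To go with the advice above about staying away from third-party stores, here is an added example (not part of the original article) that reviews where the apps on a device came from. It assumes the output of `adb shell pm list packages -3 -i` has been saved as text, and that only Google Play (`com.android.vending`) counts as a trusted installer; the sample output and package names are constructed.

```python
import re

# Assumption: only Google Play is trusted; add an OEM or enterprise store
# here if the device legitimately uses one.
TRUSTED_INSTALLERS = {"com.android.vending"}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

# Constructed sample of `adb shell pm list packages -3 -i` output.
# Package names are invented for illustration.
SAMPLE_OUTPUT = """\
package:com.example.bank  installer=com.android.vending
package:com.example.flashplayer.update  installer=null
package:com.example.cleaner.boost  installer=com.example.thirdparty.store
package:com.example.notes  installer=com.android.vending
"""


def audit_install_sources(pm_output, trusted=TRUSTED_INSTALLERS):
    """Return {installer: [packages]} for apps not installed by a trusted store."""
    flagged = {}
    for raw in pm_output.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # skip blank lines and anything that is not a package row
        installer = match.group("installer")
        if installer in trusted:
            continue
        # "null" means no installer was recorded for the package
        key = "unknown" if installer == "null" else installer
        flagged.setdefault(key, []).append(match.group("pkg"))
    return {k: sorted(v) for k, v in flagged.items()}


if __name__ == "__main__":
    for installer, packages in audit_install_sources(SAMPLE_OUTPUT).items():
        for pkg in packages:
            print(f"review: {pkg} (installed by {installer})")
```

A flagged package is not necessarily malicious; it is simply one that did not arrive through the official store and deserves a second look.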
- Phishing Attacks
Attackers sneak their way into Android devices through malicious links that pose as offering something in return if the user downloads or clicks the link. These attacks are bound to cause harm to the user, as they seek to exploit personal data. Most of these attacks are delivered through emails and are known as spear phishing, which is a precursor to a far more dangerous advanced attack. According to a report by the security firm FireEye, spear phishing is targeted, which is why it works. The attackers research their victim’s personal information, such as their work details, home address, social media, etc. The same report also explains, “People open 3% of their spam and 70% of spear-phishing attempts. And 50% of those who open the spear-phishing emails click on the links within the email—compared to 5% for mass mailings—and they click on those links within an hour of receipt. A campaign of 10 emails has a 90% chance of snaring its target. If you do not recognize a spear-phishing attack, you may not realize you are losing data until it’s too late. By focusing on a particular person, cyber attackers can eventually gain direct or indirect access to critical data, including bank accounts, computer system passwords, work credentials, and security clearances.”
As many people prefer checking their emails through their phones, Android users are inevitably vulnerable to these attacks.
How to Defend Against Them?
- People should be able to recognize, avoid and report suspicious emails.
- Create different, strong and complex passwords for different accounts.
- Only click links within emails if they come from authentic websites. If an organization, such as a bank, asks you to fulfill a requirement that involves clicking links and entering credentials, do not hesitate to contact the bank directly through its official website or by calling it. It’s best to always assume the worst when it comes to following links.
- Be careful about the data you share on social media and avoid posting unnecessary personal information.
- Banking Trojans
The security measures in banking technologies are evolving and improving day by day to counter potential threats, but attackers are also advancing their technology to avoid detection. That is how some attackers have found their way into the official Android marketplace to distribute banking Trojans. According to a report by Kaspersky Lab, “Over 98% of mobile banking attacks target Android devices.” The malware is distributed through fake apps, and when users open one of these apps after installation, it shows an error which might resemble the screenshot below:
Once the app has “removed” itself, it tends to keep running in the background, hidden from the victim’s view, while exploiting confidential data stored on the device such as private banking details. At times, however, these apps may provide the promised functionality while extracting the victim’s banking data. Some of these fake apps are listed below:
- Power Manager
- Astro Plus
- Master Cleaner – CPU Booster
- Master Clean – Power Booster
- Super Boost Cleaner
- Super Fast Cleaner
- Daily Horoscope For All Zodiac Signs
- Daily Horoscope Free – Horoscope Compatibility
- Phone Booster – Clean Master
- Speed Cleaner – CPU Cooler
- Ultra Phone Booster
- Free Daily Horoscope 2019
- Free Daily Horoscope Plus – Astrology Online
- Phone Power Booster
- Ultra Cleaner – Power Boost
- Daily Horoscope – Astrological Forecast
- Horoscope 2018
- Boost Your Phone
- Phone Cleaner – Booster, Optimizer
- Clean Master Pro Booster 2018
- Clean Master – Booster Pro
- BoostFX. Android cleaner
- Daily Horoscope
- Personal Horoscope
From the list above, it can be observed that most of these apps offer services that the Android OS does not actually need, such as speed boosting and cleaning. The daily horoscope apps, on the other hand, provide generic predictions that are available all over the web.
Many people have fallen victim to these apps, and even though Google had all of them removed along with thousands of other fake apps, attackers can and will find their way back. Because Android is a completely open operating system, it is risky and vulnerable to potential threats. “Unlike Microsoft Windows Phone or Apple iOS, there is no walled garden, and this leads to potential security vulnerabilities when not managed coherently,” says Andrew Borg, research director for enterprise mobility and collaboration at Aberdeen. So, it always pays to be careful about what you download from the Play Store.
How to Defend Against Them?
- If anyone currently possesses any of those fake apps, they must delete them from their devices. Sometimes, when phony apps are downloaded, they can automatically download malicious apps to the device that are hidden from the victim’s view. Therefore, make sure to check the installed apps list from settings and uninstall any suspicious apps.
- Also, when downloading apps from the Google Play store, look at the reviews, the number of downloads, and the app ratings. If anything looks suspicious, do not install the app.
- Whenever an app asks for the user’s permission to access data, carefully assess which authorizations are being granted to the app.
- Use reliable mobile security software to detect and get rid of possible banking Trojans in good time.
- As suggested previously in the article, never forget to keep devices up-to-date with the latest version of Android.
Ransomware has long been common on PCs, but attackers are now targeting mobile phones and, more specifically, Android users. A piece of malware named DoubleLocker is delivered as a fake Adobe Flash Player from compromised sources. When it is installed, the user is asked to grant the application access in order to launch it. After the access is granted, the attacker uses it to gain administrator rights and sets the malware as the default home application without the victim’s knowledge. “Setting itself as a default home app – a launcher – is a trick that improves the malware’s persistence. Whenever the user clicks on the home button, the ransomware gets activated and the device gets locked again. Thanks to using the accessibility service, the user doesn’t know that they launch malware by hitting Home,” explains Lukáš Štefanko, the ESET malware researcher who discovered DoubleLocker.
Once the attacker has full access to the device, the malware locks the victim out by changing the lock on the phone and encrypts all the data. The victim is pressured to pay a ransom in cryptocurrency, mostly Bitcoin, or by credit card; otherwise their data could be compromised. Initially, the attackers would target individuals for such attacks, but quite recently businesses have been targeted with ransomware, and many have suffered financial losses through such attacks.
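The combination described above (accessibility service, administrator rights, default home app) can be checked for before an app is trusted. This added example is not from the original article or from ESET; it assumes the app's manifest has already been decoded to text XML, and both sample manifests and their package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifests, already decoded to text XML; all names are invented.
SUSPECT_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashplayer.update">
  <application>
    <activity android:name=".Main">
      <intent-filter>
        <category android:name="android.intent.category.HOME"/>
      </intent-filter>
    </activity>
    <service android:name=".Helper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>
"""
PLAIN_LAUNCHER = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.launcher">
  <application><activity android:name=".Home"><intent-filter>
    <category android:name="android.intent.category.HOME"/>
  </intent-filter></activity></application>
</manifest>
"""

def lock_screen_indicators(manifest_xml):
    """Return which of the three capabilities described above the app declares."""
    found = set()
    for node in ET.fromstring(manifest_xml).iter():
        perm = node.get(ANDROID + "permission", "")
        if node.tag == "service" and perm == "android.permission.BIND_ACCESSIBILITY_SERVICE":
            found.add("accessibility_service")
        elif node.tag == "receiver" and perm == "android.permission.BIND_DEVICE_ADMIN":
            found.add("device_admin")
        elif node.tag == "category" and node.get(ANDROID + "name") == "android.intent.category.HOME":
            found.add("home_launcher")
    return sorted(found)

def needs_review(manifest_xml):
    # Each capability is legitimate alone; all three in one app is the flag.
    return len(lock_screen_indicators(manifest_xml)) == 3
```

An ordinary launcher declares only the HOME category, so it is not flagged; a "Flash Player" that also asks to be an accessibility service and a device administrator is.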
How to Defend Against Them?
- Avoid paying the ransom amount as it will encourage cybercriminals to attack more individuals and businesses.
- Invest in an efficient cybersecurity program that will protect the device from malware.
- Avoid installing applications from compromised sources to save a few bucks.
- Create secure backups of your data on a regular basis, either on USB drives, on hard drives, or on cloud storage that requires high-level encryption and multi-factor authentication.
- Most importantly, stay alert! Be aware of the malicious content that’s spread online and use common sense if anything seems suspicious.