Android Security Threats
Since Android is an open source and a completely free mobile operating system, it has gained a lot of popularity in a short time period and today it stands close to “once upon a time” top players like Symbian and Windows mobile in this arena. According to research reports, smartphone sales globally will reach more than 450 million units in 2011 and Android seems to become the most popular operating system worldwide. It is expected to account for 49 percent of the smartphone market by 2012.
With the advent of smartphones, human lives have become a whole lot simpler. Nowadays, people carry their whole world in their smartphones — be it their pictures, music, or contacts, and with the adoption of applications, their bank accounts and money as well. Smartphones being portable have entered almost every walk of life and have also become a crucial part of any person’s life.
Android’s popularity has attracted many app developers along with non-social elements as well. This has led to a long list of threats that have today cropped up for Android.
Although many new and old Android users are aware about some of these threats but there are still many other users who are unaware of these threats thereby keeping these threats and the people behind it in business.
According to the Panda labs’ Quarterly threat report 2011, “Android is becoming the dominant platform of mobile computing and is likely to win the tablet market shortly. Additionally, there is increasing concern about cell phone security, and research studies and proof-of concepts reporting security problems have multiplied over the last few months.
“Cyber-crooks are beginning to realize the existence of an emerging market they are willing to exploit, and are trying new techniques while continuing to use proven strategies, like using malware to get infected phones to send SMS text messages to premium rate numbers.”
With the ever changing technology the smartphone threat portfolio has also evolved affecting a large number of users everyday.
“People carry more and more personal information in these smartphones. No matter whether it is Android, iOS, Microsoft Windows Mobile or Symbian platform, you have to be aware that mobile/smartphone are prone to viruses, SMS Spam, Spyware or simply data loss if your device is lost, stolen or hacked,” said Pankaj Jain, spokesperson, ESET India, which makes mobile software.
He also added: “Security analysts predict there will be 17 billion smartphone apps downloaded by the end of 2011. It is an almost impossible task to track them. In case of Android which is an open source platform (i.e. almost anyone can create and modify application for the smartphones which can then be offered for download on the internet or the Android Marketplace), more than 840 apps out of 10,000 downloaded from the Android Market are leaking personal information.”
Third party applications are one of the major contributors towards the increase in the number of threats for the Android operating system.
“To some degree, the third party application stores are responsible for increase in the number of security threats as there is lack of accountability. A lot of these app-stores don’t require much information to sign up and publish an application. Secondly there is lack of testing; some of these app-stores don’t have testing processes to guarantee certain minimum level of acceptance has been met,” said Charles Yong, director – product management, Affle, a software manufacturer.
Along with the third party application, the Android application market threat reporting tool itself is one of the main reasons for the increase in the number of threats.
“The Android Market relies on the community to identify and flag applications that either malfunction or are malicious in nature. This would imply that there will always be a window where a number of consumers would need to use, test and determine if an application is malicious before it could be removed from the Market. This has already occurred in the instance of a bank phishing application that was published by an author by the name of Droid09,” said S Mobile Systems in an analysis.
Not only due to vulnerabilities in the application but due to negligence have people become victim of such attacks. Due to a large number of application and most of them being free versions, people have deliberately stared ignoring what permissions applications ask for and they simply install the applications. And with the option of installing application of the external memory being added in all Android versions over 2.2, people have started installing multiple applications on the devices while many of them stay dormant in the device.
“What is happening in practice, you download an app, use it a few minutes and forget it. But it stays in the background potentially harvesting your personal information you have typed or touched. ESET researches reported about a malware proof-of-concept that listened to the touch-tones being typed on the keypad representing credit card information being entered, and reported it back to the malware’s mother ship,” Pankaj Jain of ESET pointed out.
Now, with the rise in banking transactions through mobile phones, we expect to discover more mobile banking malware. However, not many banks in India provide this option yet. And since online fraud makes sense only in case of big numbers, attacking mobile bankers is not yet an effective fraud operation. But it is going to change shortly,” Jain added.
According to the Malicious Mobile Threats Report 2011 of Juniper research, the single greatest distribution point for mobile malware is through application downloads, yet the vast majority of smartphone users are not employing an anti-virus solution on their mobile device to scan for malware.
The Android smartphone users need to take some simple steps and be careful during their smartphone usage. Especially, they need to think before tapping on unknown links to ensure their devices remain safe all the time. And they need to make sure to read all the information and check the authenticity of the application to ensure the safety of his/her privacy and security.
“First of all there are simple things to know when using smartphone. If you’re installing an app, it shouldn’t be asking for permission to access the nooks of your Android. You should download apps directly from the native Market, and it’s always better to first check user-generated ratings there. It will give you the idea about the quality of the app and its troubles. So just simply think for two minutes, not one, before downloading and installing an app. Also be careful about allowing escalated privileges to the app, read the pop-ups instead of just clicking along until it installs.” Suggests Pankaj
Besides, the Android users should also install a good quality anti-virus solution on their device. The anti-virus program should be carefully selected from hundreds of free and paid software’s out there in the Android market. The best software for your device is the one that protects you from various threats available today in the form of spam SMS, trojan installers, viruses, spyware, adware, rootkit infections, worms and other unidentified malicious mobile software. It should also be able to scan all information coming via WiFi and Bluetooth to protect the user.
Application developers such as Affle also make sure from their side at least that there are no loose ends left which could result in security vulnerabilities. “Apart from just providing a secure application, they also make use of encryption for the data that is generated by the application and for the servers as well which process that data. This in turn leaves no chance for the hackers to gain access to user’s information or the data being transmitted by the application to Affle’s data processing centers,” said Charles Yong of Affle.