“We will have succeeded when Obama is using Android”
- Adrian Ludwig, Head of Android security at Google
Why is Android security so important in this day and age?Before Android fans get triggered and rant over the fact that the iOS platform has plentiful security issues of its own, there’s a reason why an iPhone is still more secure than Android. Apple’s annoying closed-circuit design (internally-controlled hardware, software, and firmware) is the very reason the Cupertino company is able to manage “stronger” security. In all fairness, while Android’s open-source platform is the very reason it suffers heavily due to the security breaches, there’s too much to love about it that makes it worth all of it. Whereas the vulnerabilities like CORED (password-stealing bug), Wirelurker (USB-infested iOS/Mac virus), and others are perfect examples that even an ironclad closed-system is not hacker proof.
Increasing cyber attacks on mobile devicesIn the past couple of years itself, Android has made the headlines in the security news in multitudes, thanks to some significantly large vulnerabilities. While security flaws unveiled by experts like TowelRoot and Android Installer hacking have been swept under the rug, two considerably larger exploits that affected millions of Android devices were highly scrutinized. Stagefright: Affecting all Android devices running Android 5.1 Lollipop and higher, Stagefright is considered to be one of the most notorious exploits ever made for mobile devices. The exploit would target the MMS media playback feature of Android devices, where it could be sent to any device and even become invisible by automatically deleting itself. While the issue was fixed by Google for its Nexus range of devices, other Android devices were either updated by the carriers or the MMS capability was blocked entirely. QuadRooter: Exposed to the public just back in August 2016, QuadRooter is a vulnerability that causes fundamental fragmentation, but isn’t related to Android OS directly. Caused by a vulnerability in the Qualcomm LTE modems found in around 80% of Android devices, the vulnerability cannot be fixed on a software level by Google.
Older threats have become strongerWhile these sinister hacks and exploits might not make it to the mainstream user to affect the larger population, global security experts still believe the biggest threats to Android security to be lost/stolen device and misuse of apps. Not only do our devices hold large quantities of personal data, but also the identities of other we’re connected to. As technology becomes intertwined with how we do business, handle finances, and even keep medical records, the sensitive information is now digitally accessible. With a massive collection of data harbored on the system and apps on your Android device, it is much easier for hackers to gain access to a large pool of data through just one window.
Businesses are going online, and so are corporate hackersEvery major security institute in the world has reported on the increasingly volatile situation of mobile security, with mobile malware increasing around 75% in the past three years. The security threat spreads out to not just your personal life, but your profession and business as well since everything is connected to your mobile device. There is a newly-formed threat of “malvertising”, which essentially means the practice of spreading malicious data through banner and pop-up ads, sounds familiar? Moreover, ransomware attacks where the hackers just straight up bribe you to retrieve your own data is capable of taking down your entire business network.
How can I step up my Android security?At this point, you might some serious worries about how to use your Android device without being a victim to the web of hackers and malicious exploits out there. As we venture into the world of mobile payment with Android Pay, the thought of having your personal account data stolen can be unnerving. While in a perfect world you could just make these hackers leave your Android data alone, there are plenty of ways to give these malicious exploiters the figurative middle finger. A robust Android antivirus app is definitely an iron dome against any malware, and we will give you some of the best antivirus apps for Android to choose from later on. But before you install the last line of defense for Android security, here are some invaluable tips to keep Android safe and secure from top to bottom:
Android security starts at the lock screenSince most identity and data thefts still happen on a physical level, having a strong security wall right on the Android lock screen is essential. Fortunately, fingerprint scanners have found their way to mainstream Android devices, which doubles down the security. While devices like the ill-fated Galaxy Note 7 and the upcoming Galaxy S8 are bringing the technology of iris scanning to the mix. Making Android security app-oriented, you can even choose to lock specific apps on your device as an added layer of protection against those prying eyes.
Google Play Store is your friendThe fantastic open-source environment of Android not only offers a world of customization but allows you to sideload apps as well. This means that you can simply turn on the Unknown Sources feature from the Security tab in the Settings and directly install .APK files to your Android device. While this feature is important for developers and beta-testers before releasing the app to the public, it is also an effective way for you to get your hands on paid apps. While it is tempting to download a game that costs a couple bucks on the Google Play Store for free, the .APK file could’ve been easily modified to mess up your device and steal your personal data. To keep your Android device safe from those troublesome malware and adware apps, just turn off the Unknown Sources option from Security->Settings, and stick to the Google Play Store to download all your apps.
Consider not rooting/unrooting your AndroidFor some of us, the idea of not having root access to the mini-computer in our back pocket and unleashing its full potential seems absurd. As much as we love what possibilities rooting brings with some apps like the Xposed Framework, someone who doesn’t know exactly what they’re doing with the rooted phone could end up doing more harm than good. If you end up installing a harmful app that comes with malicious code, it couldn’t wreak much havoc on a non-rooted phone, thanks to the superuser limitations. However, on a rooted device, the malware wouldn’t require permission to reach into sensitive data on your Android device. Moreover, rooting your Android in most cases requires unlocking your bootloader, which again, makes it easier for someone to gain access to the phone data physically. Unless you really need the root access and you’re certain about what you’re doing, consider not rooting your device or simply unroot your Android.
Regular Android security updates make a huge differenceThere is a reason why all the U.S. intelligence agencies were freaking out over the fact that President Donald Trump was using an old Samsung Galaxy S3 in the White House. Considering the device was around 5 years old, it was probably way past Samsung’s update cycle, which made it easy pickings for the new and modern malware and vulnerability exploits. If you aren’t among those who buy the latest Android flagship when it comes out, security updates tend to go out of style very soon. While Google has a shining reputation for release Android security updates every month for its Nexus and the new Pixel devices, OEM brands like Samsung, LG, HTC, Sony, and others need some time to add their own bug fixes and optimizations to the security patch. As your device gets older, these security updates become ever rare, and some mid-range devices are never updated after their initial release. Unless you are planning to surf through mobile devices every year, put your faith in an Android OEM that not only is known for keeping its devices up to date but will continue to do so for at least a couple of years.
Flashing an infected ROM can be the end of your AndroidFor some us who are looking to enable advanced calling features on their Samsung Galaxy device, flashing ROM from a different region is the only way out. However, malware has also been known to make its way to modified ROM files, which gets to the root of your device as soon as you flash it. Rather than sending your device to an early grave, make sure that you only download ROM files from verified sources such as the Updato Samsung Firmware platform. Without any sign-ups, annoying form submission or speed restrictions, Updato offers you the ability to find and download every Samsung firmware ever released across different regions.
The last line of defense – Android antivirus and security appsWith the increasing malware threats, it can be impossible to keep a track on all the files you’re downloading and all the apps you install. Having a rock-solid Android antivirus to make sure that no malicious material makes its way to the Android system is the last element you need for complete peace of mind.
360 Security – Antivirus Boost
ESET Mobile Security and Antivirus
Lookout Security & Antivirus
Kaspersky Antivirus & Security