Android is enjoying an exponential growth. It’s estimated that Android Smartphone shipments exceeded the 1 billion mark in 2013. But this open-source platform has numerous security issues. Users are advised to step up their security awareness.
The Android mobile platform made its entry into the smartphone market in late 2008. Despite lagging behind iOS and Windows Mobile for a couple of years, it is now the leading platform worldwide (over 80% market share in Q3 of 2013).
Frequently changing passwords, using Android in-built security features and installing anti-virus programs are very useful and always recommended. But for extensive protection you can and should do more. Lets take a closer look.
1 – BE VERY CAREFUL WITH YOUR APPS
Many users install unofficial apps from underground marketplaces. This installation of pirate .APK files is called “sideloading”. While these “cracked” apps are available for free, the security risks are very high. Users are advised to download apps only from Google Play after defining a pre-purchase PIN.
Users must also exercise extreme caution during the installation process. The permissions stage prior to the installation process should not be neglected. Rogue apps usually ask for unneeded access to the deepest of phone resources. Also research the publisher of the app and check other apps they are offering.
2 – REFRAIN FROM INSTALLING CUSTOM ROMS
Android, being an open source platform, is very customizable. The underground market is full of third-party ROM’s claiming to boost performance and improve the user-experience. But Android owners must be aware of the fact that these “cooked” ROM’s are not safe and consist of many exploitable loopholes.
Official ROM’s come with system partitions marked RO (Read-Only). But the after-market ROM’s change that crucial setting to RW (Re-Write). The modification of system data then becomes very easy. This permission is virtually an open invitation to malware and viruses that can easily exploit the device.
3 – AVOID UNKNOWN PUBLIC WiFi HOTSPOTS
Android users who hook on to unknown public WiFi hotspots are in extreme danger. The market is full of spyware products that can be easily used to tap into your phone once you are using the hacker-created network. Free WiFi internet is enticing and often very convenient, but is it really worth the risk?
It’s also recommended to keep an eye on the type of encryptions. If you see WEP (Wired Equivalent Privacy), you are probably in trouble. This is a decade-old system that is not safe by any stretch. WPA (WiFi Protected Access) and the more recent WPA2 are much more effective security technologies.
Needless to say, developers too must sell and distribute safe software only.
This can be achieved by having a secure SDLC and closing as many loopholes as possible with proper security scanning, specifically Static Application Security Testing (SAST) and Source Code Analysis (SCA). Ensuring transport layer security, good encryption standards and sandboxing are also highly recommended.
Have a safe 2014!
Source 1 – Security Issues In Custom Android ROM’s
Source 2 – Hot Spot Hacker
Sign up today & never miss an update from the Checkmarx blog
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.