
Top 3 Android Security Tips

Android is enjoying exponential growth. It’s estimated that Android smartphone shipments exceeded the 1 billion mark in 2013. But this open-source platform has numerous security issues. Users are advised to step up their security awareness.

The Android mobile platform made its entry into the smartphone market in late 2008. Despite lagging behind iOS and Windows Mobile for a couple of years, it is now the leading platform worldwide (over 80% market share in Q3 of 2013).

Frequently changing passwords, using Android's built-in security features and installing anti-virus programs are very useful and always recommended. But for extensive protection you can and should do more. Let’s take a closer look.


Many users install unofficial apps from underground marketplaces. This installation of pirated .APK files is called “sideloading”. While these “cracked” apps are available for free, the security risks are very high. Users are advised to download apps only from Google Play after defining a pre-purchase PIN.

Users must also exercise extreme caution during the installation process. The permissions stage prior to the installation process should not be neglected. Rogue apps usually ask for unneeded access to the deepest of phone resources. Also research the publisher of the app and check other apps they are offering.


Android, being an open source platform, is very customizable. The underground market is full of third-party ROMs claiming to boost performance and improve the user experience. But Android owners must be aware that these “cooked” ROMs are not safe and contain many exploitable loopholes.

Official ROMs come with system partitions marked RO (Read-Only). But after-market ROMs change that crucial setting to RW (Read-Write). Modifying system data then becomes very easy. This permission is virtually an open invitation to malware and viruses that can easily exploit the device.
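
A check for the read-only setting described above, as an added example that is not from the original article: it reads mount-table text in `/proc/mounts` format and reports whether `/system` is mounted `rw`. The sample mount tables and device names are constructed, and the watched mount point list is an assumption to adjust per device.

```shell
#!/bin/sh
# Added example: report which watched partitions are mounted read-write.
# Input (stdin): text in /proc/mounts format
#   device mountpoint fstype options dump pass
# Output: one "mountpoint device" line per watched partition mounted rw.
# On a device, the input can come from: adb shell cat /proc/mounts

# Mount points to watch; /system is the one the article discusses.
# (Assumption: extend this space-separated list for other layouts.)
WATCHED="/system"

writable_system_mounts() {
    awk -v watched="$WATCHED" '
        BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        ($2 in want) {
            # Options are comma-separated; compare whole tokens so that
            # "rw" inside a longer option name is never counted.
            m = split($4, opt, ",")
            state[$2] = "ro"; dev[$2] = $1
            for (i = 1; i <= m; i++) if (opt[i] == "rw") state[$2] = "rw"
        }
        # A mount point can be listed more than once (remount);
        # the last entry describes the current state.
        END { for (p in state) if (state[p] == "rw") print p, dev[p] }
    '
}

# Constructed sample input (not captured from a real device).
STOCK_SAMPLE='rootfs / rootfs ro,relatime 0 0
/dev/block/mmcblk0p9 /system ext4 ro,relatime,data=ordered 0 0
/dev/block/mmcblk0p12 /data ext4 rw,nosuid,nodev,noatime 0 0'

MODIFIED_SAMPLE='rootfs / rootfs rw,relatime 0 0
/dev/block/mmcblk0p9 /system ext4 rw,relatime,data=ordered 0 0
/dev/block/mmcblk0p12 /data ext4 rw,nosuid,nodev,noatime 0 0'

check_sample() {
    # Prints findings; returns 1 when any watched partition is writable.
    found=$(printf '%s\n' "$1" | writable_system_mounts)
    [ -z "$found" ] && return 0
    printf 'WRITABLE: %s\n' "$found"
    return 1
}

check_sample "$STOCK_SAMPLE" && echo "stock sample: /system is read-only"
check_sample "$MODIFIED_SAMPLE" || echo "modified sample: /system is read-write"
```

A writable `/data` is normal and is deliberately not reported; only the watched system mount points count as findings.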


Android users who hook on to unknown public WiFi hotspots are in extreme danger. The market is full of spyware products that can be easily used to tap into your phone once you are using the hacker-created network. Free WiFi internet is enticing and often very convenient, but is it really worth the risk?

It’s also recommended to keep an eye on the type of encryption in use. If you see WEP (Wired Equivalent Privacy), you are probably in trouble. This is a decade-old system that is not safe by any stretch. WPA (WiFi Protected Access) and the more recent WPA2 are much more effective security technologies.

Needless to say, developers too must sell and distribute safe software only.

This can be achieved by having a secure SDLC and closing as many loopholes as possible with proper security scanning, specifically Static Application Security Testing (SAST) and Source Code Analysis (SCA). Ensuring transport layer security, good encryption standards and sandboxing are also highly recommended.

Have a safe 2014!

Source 1 – Security Issues In Custom Android ROM’s

Source 2 – Hot Spot Hacker
