Mobile Friday: Ten Commandments of Android Safety

Mar 21, 2014 By Sharon Solomon

The Android mobile platform has come a long way since its introduction in 2008. Almost 80% of smartphones activated last year (2013) were powered by the “green robot”. But the customizable interface and other open source advantages come at a price. Android is riddled with vulnerabilities.

Android’s biggest convenience is also its biggest security issue. These smartphones are activated with one centralized Google ID, which controls all major functions such as emails, app management and calendar syncing. The risk is high.

Besides this inherent problem, the open-source nature of the market-leading OS exposes it to cybercrime. Pirated ROMs and unauthorized apps downloaded from underground markets put unsuspecting users in danger.

Android users are advised to embrace the following safety guidelines:

1 – Use only official operating systems and enable automatic updates.
Mobile phone manufacturers release their products with proprietary software that is secure and patchable with future updates. This software should not be replaced with insecure pirated versions.

2 – Install apps only from the Play Store.
Android is an open source platform and encourages the development of third-party software to enhance the user experience. Unfortunately, apps and ROMs obtained outside the Play Store are full of vulnerabilities and loopholes.

3 – Check permissions before installing apps.
The app installation process on Android devices is quick and easy. But it’s extremely important to inspect the permissions requested by the app. Shady apps asking for a long list of permissions should be blacklisted.
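As an added illustration of this check (not code from the original post), the Python below parses a constructed AndroidManifest.xml, lists the permissions the app requests and flags the ones Android classifies as dangerous. The permission names and the manifest namespace are real; the sample flashlight app and the threshold of three dangerous permissions are assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace that Android uses for manifest attributes (a real platform constant).
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of permissions Android classifies as "dangerous" (real names); each
# grants access to private user data or a device sensor.
DANGEROUS = {
    "android.permission.READ_SMS", "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS", "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA", "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_PHONE_STATE",
}

def requested_permissions(manifest_xml: str) -> list:
    """Return the permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]

def review(manifest_xml: str, max_dangerous: int = 3) -> dict:
    """Flag dangerous permissions; the threshold is an assumed rule of thumb."""
    perms = requested_permissions(manifest_xml)
    flagged = sorted(p for p in perms if p in DANGEROUS)
    return {
        "requested": len(perms),
        "dangerous": flagged,
        "suspicious": len(flagged) > max_dangerous,
    }

# Constructed sample: a "flashlight" app that asks for far more than a
# flashlight needs (illustrative only, not a real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

if __name__ == "__main__":
    print(review(SAMPLE_MANIFEST))
```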

4 – Add a remote-wipe feature to your phone and back-up information.
Smartphones have become an integral part of our lives. Unfortunately, theft and loss of phones are also quite common. It’s very important to have a remote-wipe option to avoid identity and data theft.

5 – Choose strong passwords and change them frequently.
Weak passwords are a common mistake among mobile users. As mentioned earlier, Android phones are tied to one unified Google ID. It’s very important to use strong passwords and also two-factor authentication.

6 – Implement good anti-virus software.
More than two million new Android malware threats were created last year alone, according to a report released by Panda Security. Your phone is a powerful computing device that must be protected.

7 – Don’t root your device.
Die-hard Android users like to root their devices and gain system-level access. While this gives them the ability to tweak the smartphone to their liking, malicious code can also wreak havoc within the device.

8 – Don’t connect to unknown WiFi hotspots.
People with limited data plans thrive on WiFi connections. While usually a convenient and easy way to access the net, a free hotspot is the hacker’s best friend. Connect only to secure trusted networks.

9 – Don’t answer text messages from unknown numbers.
While typical phishing attacks are hard to execute on mobile devices, text messages have become a common way to scam unsuspecting users. Responding to SMSs from unknown sources is a recipe for disaster.

10 – Don’t do business via your phone.
Performing monetary operations via Android handhelds is not a good idea either. Banking platforms still cannot promise end-to-end encryption, making money and data transfer a risky proposition.

It’s also important to understand that Android security begins at the development stage.

App programmers must develop their products in a secure Software Development Life-Cycle (SDLC). CISOs and InfoSec Executives must make sure that proper security tools are in place to bring out products with minimal security issues. These can include DAST, SAST and also Pen Testing, which is an effective way to check finished software.

Source Code Analysis (SCA), belonging to the SAST testing methodology, is a unique security method that scans source code. This early examination has numerous advantages, including shorter production times and lower repair costs. Seamless integration into the development process also enables full automation of the testing process.


  • CheckMyApps

    2 – Install apps only from the Play Store.

    And risk downloading an App that contains Malware, Viruses
    and so on. The Play Store is not a secure environment and there are many Apps on
    there with Malware embedded in them as well as cloned Apps.

    3 – Check permissions before installing apps.

    Mmmmmm … yes that’s fine but what about the things that an
    App does that it doesn’t ask permissions for? There is a distinct difference
    between “reputation” these are the known permissions and “reveal” these are the
    things that an App actually does without you knowing it.

    6 – Implement good anti-virus software.

    Antivirus software is “reactive” and will only try and clean
    things up once a virus gets onto your device. The key is not to let Apps with
    viruses onto your device in the first place.

    10 – Don’t do business via your phone.

    Hahaha … no chance. Devices are becoming the de-facto way of
    doing business now. You cannot prevent this from happening as users will always
    seek the easiest way to do business especially when they are not in the office.

    I have but one commandment regarding Android safety/security.
    It is using the Mobile Trust Management products from Pradeo
    (CheckMyApps/AuditMyApps/CheckMyApps API/MyCompanyStore).

    Pradeo’s unique and groundbreaking products offer the
    ultimate in Mobile Application Security. Pradeo have been recognised by Gartner
    as a “visionary” in their 2014 Mobile Applications Security Magic Quadrant.

    Want to know more? Contact Ron Leeman …
