The Android mobile platform has come a long way since its introduction in 2008. Almost 80% of smartphones activated last year (2013) were powered by the “green robot”. But the customizable interface and other open source advantages come at a price. Android is ridden with vulnerabilities.
Android’s biggest convenience is also its biggest security issue. These smartphones are activated with one centralized Google ID, which controls all major functions such as emails, app management and calendar syncing. The risk is high.
Besides this inherited problem, the open-source nature of the market-leading OS is prone to cybercrime. Pirated ROMs and unauthorized apps that can be downloaded from underground markets put the unsuspecting users in danger.
Android users are advised to embrace the following safety guidelines:
1 – Use only official operating systems and enable automatic updates.
Mobile phone manufacturers release their products with proprietary software that is secure and patchable with future updates. This software should not be replaced with insecure pirate versions.
2 – Install apps only from the Play Store.
Android is an open source platform and encourages the development of third-party software to enhance the user-experience. Unfortunately these apps and ROMs are full of vulnerabilities and loopholes.
3 – Check permissions before installing apps.
The app installation process in Android devices is quick and easy. But it’s extremely important to inspect the permissions needed by the app. Shady apps asking for a long list of permissions should be blacklisted.
4 – Add a remote-wipe feature to your phone and back-up information.
Smartphones have become an integral part of our lives. Unfortunately, robberies and losing of phones are also quite common. It’s very important to have a remote-wipe option to avoid identity and data theft.
5 – Choose strong passwords and change them frequently.
A common mistake many mobile users make. As mentioned earlier, Android phones are powered with one unified Google ID. It’s very important to implement strong passwords and also double-authentication.
6 – Implement good anti-virus software.
More than two million new Android malware threats were created last year only, according to a report released by Panda Security. Your phone is a powerful computing device that must be protected.
7 – Don’t root your device.
Die-hard Android users like to root their devices and gain system-level access. While this gives them the ability to tweak the smartphone to their liking, malicious codes can also wreak havoc within the device.
8 – Don’t connect to unknown WiFi hotspots.
People with limited data plans thrive on WiFi connections. While usually a convenient and easy way to access the net, a free hotspot is the hacker’s best friend. Connect only to secure trusted networks.
9 – Don’t answer text messages from unknown numbers.
While typical phishing attacks are hard to execute on mobile devices, text messages have become a common way to scam unsuspecting users. Responding to SMSs from unknown sources is a recipe for disaster.
10 – Don’t do business via your phone.
Performing monetary operations via Android handhelds is not a good idea either. Banking platforms still cannot promise end-to-end encryption, making money and data transfer a risky proposition.
Its also important to understand that Android security begins at the development stage.
App programmers must develop their products in a secure Software Development Life-Cycle (SDLC). CISOs and InfoSec Executives must make sure that proper security tools are in place to bring out products with minimal security issues. These can include DAST, SAST and also Pen Testing, which is an effective way to check finished software.
Source Code Analysis (SCA), belonging to the SAST testing methodology, is a unique security method that scans Source Code. This early examination has numerous advantages including the shortening of production times and reduction of repairing costs. The seamless integration in the development process also enables full automation of the testing process.
Secure your app now. For a free Source Code Analysis trial – Click Here
Sign up today & never miss an update from the Checkmarx blog
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.