Security issues of Android phones
Android is a mobile OS developed by Google that is based on the Linux kernel and written in Java. The OS was initially developed by Android, Inc. (which was backed and later acquired by Google) and released in 2007. The user interface is designed for use with touchscreen devices such as phones or tablets. Android is open source and widely available, although most Android devices have a mix of open source and proprietary software.
Nowadays nearly all of the tasks that can be performed on a computer are achievable on mobile devices as well. This means that more sensitive information will be stored on mobile devices than before. Employees are even able to do work on their mobile devices, so there are more risks for proprietary information leaks as well. Additionally, the number of attempts of cybercrime has been increasing steadily in the recent years. This is even more important for Android because it is the most targeted platform due to its widespread usage and open source properties. The need for security is greater than ever for not only consumers, but large enterprises as well. (Farmer)
Now, as access to the Internet is so broad and natural, one of the biggest issues that bothered Android users was their personal security. While all mobile devices have inherent security risks, Android has more vulnerabilities because of its inherent open-source nature, the slow pace with which users update the OS, and a lack of proper app vetting.
The Android working framework is an open source and source code discharge by Google under Apache permit license, based on Linux-Kernel designed for smartphones and tablets. Android is one of the most popular operating systems for smartphones. At the last quarter of 2016, the total number of applications available in Google play store was 2.6 Million, and a total number of Android operating system-based smartphones sold was 2.1 Billion.
Android operating system uses the permission-based model which allows Android applications to access user information, system information, device information and external resources of Smartphone. The developer needs to declare the permissions for the Android application. The user needs to accept these permissions for successful installation of an Android application. These permissions are declarations. At the time of installation, if the permissions are allowed by the user, the app can access resources and information anytime. It need not re-request for permissions again. Android OS is susceptible to various security attacks due to its weakness in security.
Top android security issues are as discussed below:
1. Device Fragmentation
Android’s most serious security problem in 2017 was its sheer variation. Google’s report revealed that the annual patching rate is now around 50%, which is much better than before, but still not good enough. Software upgrades for new features and security patches are critical to the life of any OS, and Google still seems to struggle with the low rate of software update adoption. Consider that less than 1% of Android phones run its latest version, Nougat. At the same time, almost 80% of iOS devices run Apple’s latest version, iOS10. Nougat launched almost a month before iOS10. Samsung’s mobile security director Henry Lee recently told that around 60% of their users received an update in 2016 and 15% are using old Android versions. The same percentage simply ignores updates. Google hasn’t found a way yet to get dozens of manufacturers and hundreds of carriers to cooperate and regularly patch Android devices but is clearly working on it.
2. Android Instant Apps
Android Instant Apps are blurring the boundary between mobile apps and mobile web. We all remember Microsoft’s ActiveX Plugins, so it’s better to be careful with that innovation and test it out like other app security risks. The basic idea is that when a user with an Android device visits a website that can run an app, only the fragments required for execution will be installed. The idea is interesting, but it’s in its initial phase, so this year will make it clear whether Instant Apps will be secure enough to spread on the market.
3. Cheap Android Devices
Experts predict that African countries will witness a rapid growth of Android devices. Cheap devices running on the system are bound to pop up all over the place, and they might cause security problems. The problem with these smartphones is that their manufacturers don’t design them to be upgradeable. So, it doesn’t matter whether Google introduces a new version or a patch — these cheap phones won’t change and will instead pose a serious security risk.
4. Key Takeaway
Google has launched the Play Protect project, which aims to eliminate most of the problems that occurred up to this point- at least within the applications available in the store. Thus, everything is heading in a better direction. While the system itself has many variants, and a whole mass of manufacturers are hard to control; at least in this area, there will be far fewer applications that aim to retrieve user data.
5. Security Software Update
Android offers monthly updates in their Android Security Bulletin. Even though Android gives out updates once in a month, they don’t force the users to update the devices. With the option to ignore the update and operate the device in the same way, gives an escape plan to the users. Apple rolls out several version of security updates every once in a while, in a month. Apple makes it a mandate for every user to download the most recent security update. By giving out continuous notifications, the OS makes it difficult for its users to ignore the security upgradations.
6. App Stores Story
Apple undoubtedly has greater control on the apps that come for approval and their updates. The brand takes its right to vet, reject, and remove every app that doesn’t meet its criteria, very seriously, the fact that has brought in a demand for such iPhone app development companies, which can develop apps that don’t get rejected. While even Android has a vetting process in place, Malware still gets in every now and then. One of the most attractive features of Play Store, open ecosystem, while is a bliss for the users, is an equally bigger bliss for the hackers frequenting the apps. By allowing apps to be downloaded from stores other than the Play Store, Android increases the probability of security breach incidents.
