Over the past few months, the Android platform developed by Google and based on the Linux operating system has been having a difficult time. Hackers, with malicious intent and those without, have been investing time in finding out how weak this operating system is.
Android runs on more than four out of five mobile devices. It is popular because it is free and its terms do not dictate to device manufacturers what hardware it must be used on.
The hacking seen so far is partly a result of this popularity. But there also seem to be inherent problems, which experts and hackers have discovered don’t exist on other mobile platforms.
What are the issues?
Android is getting the most attention from malware creators, because it has more than 40,000 different malware compromises. This is worrying especially as the same systems for Windows and Apple phones seem to have only handful such issues (on non-jailbroken devices).
In June concerns arose about an SMS worm that could propagate via Android devices. One of the primary issues is the version control system these devices uses. As new and better versions of Android have been released, manufacturers having committed their development efforts to one version cannot always allow for upgrades. This is commonplace among the lower-priced devices, which tend to be fixed to a specific version of Android. Currently new devices are using the KitKat version of Android, but previous versions, such as JellyBean and IceCreamSandwich, remain in use.
In July researchers published their analysis of Android devices purchased on eBay. Even though these devices had had the information on them deleted, they could recover and analyse it. Naked Selfies among other confidential data were found, exposing a serious flaw in the encryption used by Android. The factory reset option, which should be able to permanently wipe any historical data from the device, seemed not to work well either. (This is the same issue, which was reported earlier in August, regarding the Tesco Hudl tablet, which uses Android as the operating system.)
Now researchers have found a flaw in the Gmail application on Android devices. The flaw makes it easy to create malware to obtain personal information, effectively using the email application as a route to extract all kinds of data from your phones. The researchers have claimed that this is also possible on iPhones and Windows phones. What they neglect to share is that Microsoft and Apple have app stores that undergo a range of stringent security checks before any app is allowed on their devices. This is unlike the Google Play environment, which is not the only source for apps on Android device.
There are many non-Google Android app stores – some legitimate but many not. Worse still, the security community has also exposed issues with the official Google Play store. We can trust almost all applications downloaded on Apple and Microsoft phones, but for any on the Android platform the risk is considerably higher. Unless you have up-to-date anti-malware software and are extremely cautious, chances are that your Android phone may eventually be compromised.
Should I be concerned?
Sadly, I think all Android users should be concerned. It is an excellent mobile operating system and has enabled low-cost smartphones and tablet computers to exist in the market place. But Google needs to tighten controls on how applications can enter this device as well as some of its underlying features.
Whenever I meet someone with an Android device, the first question I ask them is if they have any anti-malware installed. They often give me a quizzical look. The reality is that, if they don’t have such security apps installed, the data on their Android is not safe.