A little more than a year ago, Google established a regular rhythm for releasing Android patches and is now actively closing many security gaps, even if there are not many programs that can directly affect the system, as is the case with Windows. But Google's product is quickly "catching up": by the end of this year, the total number of vulnerabilities found in Android is likely to exceed 500. In this regard, CVE statistics show not so much the unreliability of Android as the fact that it is impossible to accurately assess what will appear in the future.
Diving into the marsh of patches
Unfortunately, the monthly "patches" for Android do not reach all devices: bugs in older versions are, as a matter of principle, not fixed, since Google introduced a new security architecture into the kernel in version 4.4. Only Nexus devices get the latest patches automatically. For all other devices, the phone manufacturers alone are responsible for distribution. For the latest successful models, such as the Galaxy S7, the major manufacturers also provide updates responsibly, but the rest will have to wait, or they may be left without fixes entirely. At the end of July, Lenovo announced that it would no longer keep to the same update frequency for its Motorola smartphones, since the costs of testing and implementation are too high.
Starting with Android 6, the user chooses which system services an application can use. Android cannot become the same excellent role model as iOS: according to the Kaspersky Lab report, in Europe, between April 2015 and March 2016, 23% of all attacks were carried out using ransomware. Worldwide, this is a record figure. Any dating platform for meeting singles online can be a cover for a hacker application and contain code harmful to your device.
Unlike on Windows, mobile malware is limited to blocking access to the device through the lock screen. This limitation follows from the system settings, since only a small number of users have rooted their smartphones in order to get administrator rights, as under Windows. Since the capabilities of Android malware do not exceed those of the device owner, it is not able to encrypt data on the phone.
Still, Android allows user rights to be extended: applications can run with so-called Device Administrator rights. Antiviruses and parental control programs need them to monitor actions taken on the device. If malware operates this way, the user is unlikely to notice it after installation. A special scanner, for example Detector from Trend Micro, will help detect the ransomware.
The fake Pokémon Go Ultimate app imposes a lock screen on your mobile phone. Unlike Windows, viruses get into Android without the participation of a smartphone user. Often they are disguised as popular games that are making noise around the world right now. Clones and add-ons, for example for Pokémon GO, are written very quickly: since mid-July, ESET information security experts have counted more than 200 fake Pokémon applications that secretly send expensive SMS messages or go after user data. And a malicious application that locks the screen can hide under the name Pokémon Go Ultimate.
How to protect your Android phone from hacking
One of the best ways to reduce this risk is to keep less information on your phone. For example, you can use applications designed to delete past conversations automatically. To do this, select in the settings: Messages -> Store messages and set a period after which messages will be deleted. Other similar applications, as a rule, provide this feature as well.
The history of visited web pages can, of course, be removed from the phone, but there is always a chance that this information remains somewhere in the device's memory or on a server. The Orbot (Android) and Onion Browser (iOS) applications help make such visits anonymous and significantly complicate third-party intervention. By the way, cafes and hotels use Opera VPN to encrypt information coming into and out of the device. Ordinary users can download this application too.
It is also important not to forget that downloaded applications can show excessive curiosity as well. Read their permissions carefully, just in case. On an Android device, go through the Applications -> Permissions chain. And if you have any doubts, it is better not to take the risk and to remove the suspicious application immediately.
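
The permission review described above can also be done in bulk. The following is an added example, not part of the original article: it scans text laid out like the output of `adb shell dumpsys package` and reports apps that hold permissions matching the behaviours mentioned earlier (paid SMS, access to user data, screen overlays). The sample dump, the package names and the choice of permissions to flag are assumptions of this example, and the exact dump layout varies between Android versions.

```python
import re

# Permissions tied to behaviours described in the article (selection is this example's assumption).
RISKY = {
    "android.permission.SEND_SMS": "can send (premium) SMS",
    "android.permission.READ_SMS": "can read messages",
    "android.permission.READ_CONTACTS": "can read contacts",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps",
}
PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
GRANT_RE = re.compile(r"^\s*([\w.]+):\s*granted=(true|false)")

def granted_permissions(dump):
    """Return {package: set of granted permissions} from dumpsys-style text."""
    result, current = {}, None
    for line in dump.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = set()
            continue
        m = GRANT_RE.match(line)
        if m and current and m.group(2) == "true":
            result[current].add(m.group(1))
    return result

def audit(dump, allowlist=()):
    """Return {package: [reasons]} for non-allowlisted apps holding risky permissions."""
    findings = {}
    for pkg, perms in granted_permissions(dump).items():
        if pkg in allowlist:
            continue  # apps the owner has already reviewed and trusts
        reasons = sorted(RISKY[p] for p in perms if p in RISKY)
        if reasons:
            findings[pkg] = reasons
    return findings

# Constructed sample, modelled on the layout of `adb shell dumpsys package` output.
SAMPLE = """\
  Package [com.example.pokemon.ultimate] (1a2b3c):
    runtime permissions:
      android.permission.SEND_SMS: granted=true
      android.permission.READ_CONTACTS: granted=true
      android.permission.CAMERA: granted=false
  Package [com.example.notes] (4d5e6f):
    install permissions:
      android.permission.INTERNET: granted=true
"""

if __name__ == "__main__":
    for pkg, reasons in audit(SAMPLE).items():
        print(pkg, "->", "; ".join(reasons))
```

A flagged app is not necessarily malicious; the result is a shortlist for the manual review under Applications -> Permissions.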