Android Security: What You Need to Know Before Buying an Android

Update 01/12/16: Google have just confirmed that nearly 1.3 million Google accounts have been accessed by hackers due to an Android security flaw. Don't want to become a victim of mobile hacks? Check out our app, ZenMate Sense.

Considering that over 80% of the world’s smartphones are powered by Android, it is safe to say that the Google-owned operating system is dominating the market. Yet despite its popularity, Android’s development over the last few years has been marred by a number of high-profile security flaws that have affected millions of users.

Since smartphones have officially overtaken computers as the largest source of malware and virus threats, it’s no surprise that mobile security is becoming a more central part of the purchasing decisions of millions of prospective smartphone buyers. In this blog we look specifically at Android security, ask why Androids are so vulnerable to attacks and give some helpful advice to Android owners or those considering purchasing a device.

A brief history of Android security fails

Over the last couple of years there have been many high-profile security flaws that have damaged the reputation of Android phones. Techworld have written a great blog post that goes into detail about some of Android's biggest issues. We've summarised it quickly for you here:

  • December 2016 - Gooligan: This security flaw gave hackers access to 1.3 million Google accounts, including emails, photos, documents and more. It was achieved by infecting Android phones with illegitimate apps.
  • August 2016 - Quadrooter vulnerabilities: Quadrooter refers to four vulnerabilities which also allowed hackers to gain access to devices using a malicious app.
  • August 2015 - The ‘Certifi-gate’ mRST flaw: This was a flaw that impacted a Remote Support Tool plug-in that was added to Android phones by many handset makers such as Samsung. Again, it allowed attackers to install a fake app on users' phones that gave the attackers remote access and permissions.
  • July 2015 - Stagefright MMS flaw: This issue affected 95% of Android users and was perhaps Android's most high-profile security fail to date. The flaw affected Android's multimedia playback tool 'Stagefright' and basically allowed hackers to send device owners MMS messages that contained malware. Owners did not even have to open the message for their phone to be affected.
  • June 2014 - Linux futex ‘TowelRoot’: A flaw in the Android operating system meant that if hackers could trick device owners into installing a malicious app, they would be able to remotely access their device and thus install malware or copy the owners' personal data. This flaw had the potential to impact almost all Android phones.
  • March 2015 - Android Installer hijacking: This one allowed hackers to replace one APK file with another to trick device owners into installing a different app than the one they intended. It affected about half of Android owners at the time.
  • July 2014 - Android FakeID Flaw: Affecting every Android handset from 2.1 to 4.3, this flaw allowed attackers to create malicious apps that faked the security certificate awarded to legitimate apps and thus gave them privileged access to owners' devices.

Why are Androids so vulnerable to attack?

The Android operating system is an example of open source software. This is different from iOS, for example, which is tightly controlled by Apple. Unlike iOS users, who are only permitted to download apps from Apple's App Store, Android users can download apps from anywhere, including directly from developers' websites.

The benefit of owning an Android is that these devices are highly customisable and users have much more control than iOS owners do over how their phone looks and behaves. However, this is also one of the main reasons that Android devices are perceived as being less secure than iOS devices: while Apple strictly monitors the iOS App Store, there is a limit to how tightly open-source software can be controlled.

Another difference between Android and iOS devices is that the Android operating system is not used on a single device (like the iPhone) but is instead used on many different devices. This means that software updates, including security updates, happen very slowly as they need to be optimised for each device individually. Unlike Google, Apple can react very quickly when a security flaw in their system is revealed by launching a quick iPhone update.

Android device fragmentation August 2015

(This illustration by Open Source shows the fragmentation of Android devices in August 2015: each box represents a different Android device while each colour represents a different version of Android)

Should I still buy an Android?

Of course, this doesn't mean that you should be put off from buying an Android altogether. As mentioned before, there are many benefits to owning an Android device, especially if you like more control over the look and functionality of your phone. So while our aim here isn't to send you running into the strong, secure arms of Apple, all we would say is that Android owners must be a bit more savvy when it comes to mobile security than their iOS-loving counterparts.

Luckily, there are a few simple steps you can follow in order to make sure your Android device remains protected from attacks. Most importantly, you should never download apps from untrustworthy sources and, if possible, only download from the Google Play store. Secondly, make sure that you always keep your phone updated, as this is how Google issues patches for known security flaws.

Finally, if you want to make sure your phone is truly protected from attackers and malicious apps, the best idea is to download a security app on your Android that does the job for you. One such app you can check out is ZenMate Sense, which is filled with security features including a malware scanner, browser protector and anti-theft mechanism. For more information, check out the app in the Google Play store.