Android mobile devices still rule the consumer market. Current estimates show Android with close to 90 percent market share—a fact that’s not lost on hackers. That’s why Android remains the top target for mobile fraud.
A 2016 IBM report acknowledged that Google is finally making some progress in the area of Android security. Since the release of Android 4.0 (Ice Cream Sandwich, Jelly Bean, and KitKat—Android codenames have confectionery themes), the company has attempted to fill some of the largest security holes of the past. Version 4.0 supports encryption, features more rigorous authentication management, and protects against some types of advanced attacks.
More recently, Lollipop (5.0) and Marshmallow (6.0) updates have activated more security features by default. Still, mobile malware is a genuine threat that continues to focus on the Android world. It’s not just third-party apps that carry risks. Hackers have even invaded the Google Play store with products riddled with evil code.
Recently Discovered Malware
In December 2016, Check Point Security researchers discovered a malware-laced battery app on Google Play that was distributing ransomware. “Charger (ransomware) was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user’s device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding payment,” the company warned. The app has since been removed.
Check Point Security reported in November 2016 that over one million Android devices had been compromised by what it nicknamed Gooligan.
“Our research exposes how the malware roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more,” the security firm wrote.
Steps to Protect Device
Doesn’t sound desirable, does it? Your files should not be up for grabs so easily, but your haste could be your worst enemy.
Android users need to get serious about device security. Take the time to password-protect your phone with a six-digit code (or longer).
It’s worth your time to read the disclosures on Google Play when you download an app—especially info about the permissions the app requests. Do you see any reason for a battery charger app to access your contacts list? We don’t. Skip any download that asks for overly broad or odd permissions.
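The same permission review can be done on an app's manifest before it is installed. The sketch below is an added example, not code from the original article or from any vendor named in it; it assumes the AndroidManifest.xml has already been decoded to plain XML, and the package name, sample manifest and choice of flagged permissions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions a battery/utility app has no functional need for. The entries
# mirror the behaviour reported for Charger: contacts, SMS, device admin.
RISKY = {
    "android.permission.READ_CONTACTS": "reads the contact list",
    "android.permission.READ_SMS": "reads stored SMS messages",
    "android.permission.RECEIVE_SMS": "sees incoming SMS messages",
}
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample manifest (hypothetical app, not taken from a real APK).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.batterysaver">
  <uses-permission android:name="android.permission.BATTERY_STATS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>
""".strip()


def review_manifest(manifest_xml):
    """Return (permission, reason) findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for node in root.iter():
        # <uses-permission> and <uses-permission-sdk-23> both declare requests.
        if node.tag.startswith("uses-permission"):
            name = node.get(ANDROID_NS + "name", "")
            if name in RISKY:
                findings.append((name, RISKY[name]))
        # A receiver guarded by BIND_DEVICE_ADMIN means the app can ask the
        # user to make it a device administrator.
        elif node.tag == "receiver" and node.get(ANDROID_NS + "permission") == DEVICE_ADMIN:
            findings.append((DEVICE_ADMIN, "can request device-admin rights"))
    return findings


if __name__ == "__main__":
    for perm, reason in review_manifest(SAMPLE_MANIFEST):
        print(f"UNEXPECTED  {perm}: {reason}")
```

Device-admin capability is declared on a receiver rather than as a `uses-permission` entry, so a check that only lists requested permissions would miss it.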
Luckily, software can protect your phone against most malware seeking login credentials or other data theft. Sophos is one company that offers help for both Android and iOS users, and it’s free. Some protection is wise, especially for those who scan QR codes—malicious content can be easily hidden in a QR code—or download lots of apps.
Most toxic apps still come from third-party stores, but getting an app accepted by Google Play or the Apple App Store is a home run for hackers. Both online stores have accidentally posted harmful apps. These were only removed after victims were hurt by malware. Since there’s no foolproof pre-test, think long and hard before you download that shiny new app whispering your name.