By Bob Matlow, Security Advocate, Check Point Technologies
Whilst Apple devices may grab a lot of the headlines, with people camping overnight at their shops to get the latest iPhone, it is actually Android that has far more market share than Apple. Google’s open OS runs on around four out of five phones.
However, it is precisely the fact that Android is so popular as an OS that also makes it vulnerable to attack. As an open OS, the number of devices that are manufactured to run Android has no limit. As of May 2017, Google believes there are over 2 billion active Android devices, each being one of around 30,000 different makes and models. Whilst they are all running some form of Android, the software will no doubt become fragmented and, as each device falls somewhere between patches from OEMs, the manufacturer or Google, it can be left exposed.
It is the sheer volume of devices coupled with the inherent vulnerability that has made cyber attackers sit up and take notice; Android is rich with promise and Google Play is the land of opportunity.
Whilst Google Play uses the Bouncer tool to guard its store against potentially harmful malware being uploaded and distributed, there are many attacks which have bypassed this security app. Far more prevalent is the distribution of what are known as dropper apps: harmless apps which gain clearance for download on Google Play quite readily as they do not themselves contain any malware. Once they are downloaded, however, they make contact with the attacker’s server and begin to download malware direct to the victim’s device.
The implications of these downloads can range from the installation of nuisance apps designed to reroute a user’s internet searches to the theft of data or even locking devices and demanding a ransom for their release. Many Android users fall victim to malware such as this due to the inherent trust that people place in the security of apps downloaded from Google Play. This misplaced faith makes victims far less cautious than they might otherwise be.
Malware on Android is largely becoming better designed and more complex, with the latest strains using a combination of methods to disguise their actions and to gain top-level privileges using social engineering or camouflage.
When it comes to advice regarding security and Android devices, the same rules apply. Any device that connects to your organisation's network is a potential access point and represents a threat, whether Android or iOS. It is recommended that mobile phones and tablet devices are installed with mobile security controls and that these are kept up to date to ensure that security patches are current.