The truth about Android security October 04 2015, 0 Comments
You’re always advised to have an antivirus app installed in your phone, and most of the time this keeps your information and data secure. But what can you do about security flaws that are from the inside. Let me explain, viruses and malware attack your device from the outside, and antivirus programs can keep them out.
There are those security vulnerabilities, however, which take advantage of loopholes in the device’s source code. Hackers take advantage of these loopholes and gain access to your device without even necessarily using a virus.
Google has always worked to discover these loopholes and deliver updates that ‘cover’ them up. There are always problems, though, and even the latest Android version, Lollipop, has also experienced some security vulnerabilities.
Why Android is particularly vulnerable
Android was made to be ‘flexible’, and the same could be exploited by hackers. Take Apple, for example, for every app you install on an iPhone, it has to have your user ID, the one that you signed in with to iCloud. This ensures that every app has gone through Apple’s App Store and has been scanned for viruses or other security flaws.
On the other hand, you can download apps from the internet directly and install them on your device, or even share them with others. The apps don’t have a user ID on them and get assigned one once they’re installed on your device. Sure, each app ‘asks’ for permission to access your contact, messages, networks, etc. but honestly, nobody really pays much attention to that. We’re more likely to just ‘OK’ everything in a hurry as we do the fine print on social sites or insurance documents.
You can already see how this could be a problem. And the same extends to other aspects of the OS. For example, Google releases Android SDK, the source code, for every Android version to the public. Hackers and others with ideas can then tinker with the code and discover vulnerabilities which they can then exploit.
Should we all now panic?
Now you see that Google’s flexibility and user-friendliness can be a bit of a double-edged sword, on one hand giving developers and users freedom at the expense of security. Fret not, however, Google has put in a few measures to help you out. Even after you have granted an app certain permissions, the device has to approve the request of the app every time it ‘asks’ for a service. So the Android system has to judge whether a certain action is ‘right’ before allowing access.
The two manufactures have different approaches, as you can see, but this doesn’t mean your device is necessarily at risk; although sometimes it happens.