How Secure is Android?



Google anti-malware measures have treats opposing tricks.

Figure 1: Codenamed versions of the Android OS began (in alphabetical order) once numbered builds started getting confusing. Shown, from left to right, is the numbered version, name, and release date.

Android is used in over 1.4 billion devices today. Android versions are named after treats in alphabetical order. The treat code names began with release C for “Cupcake,” after two previously unnamed releases had so many builds that people were getting confused between version 1.0 and version 1.1 builds. (Petit Four was an internal name). The codenamed versions are as follows: Cupcake (1.5), Donut (1.6), Éclair (2.0-2.1), Froyo (2.2), Gingerbread (2.3), Honeycomb (3.0), Ice cream sandwich (4.0), Jellybean (4.1 – 4.3), Kit Kat (4.4), Lollipop (5.0), Marshmallow (6.0), and Nougat (7.0). The latest version is Android 8.0, codenamed Oreo.

The Android team at Google is constantly updating new security features by collaborating with researchers, device manufacturers, and the Android ecosystem. Potentially Harmful Apps (PHAs) can put devices at risk, so Verify Apps was introduced in Jelly Bean 4.2. Verify Apps checks Android software against a database of exploits, malware, and viruses. If you have an Android phone, you can see when your apps were last scanned: Open Settings, select Google, and then Security. It tells you which apps were scanned and when (if you have a recent version of the operating system). Google claims it scanned “750 million daily checks in 2016, up from 450 million the previous year,” checking more than 6 billion apps for malware worldwide. Google Play Services is not just related to downloading stuff on Google Play; it needs to be turned on in order for Verify Apps to run.

In 2016, as compared to the year before, Verify Apps reduced trojan viruses by 51.5% and backdoors by 30.5%. At the end of 2016, only 0.05% of devices that only downloaded apps from the Google Play store contained some kind of PHA (e.g., trojans, backdoor, phishing). Apple is not immune. In September 2015, the iOS App Store had 85 legitimate iPhone apps infected with malware, according to Reuters.

If you do get a PHA on your Android phone, Google Play Services might warn you or remove the app automatically and notify you. The Google Play Protect feature is turned on by default, but you can make sure it’s turned on by opening Google Play Store on your phone, tapping the hamburger menu, and selecting Play Protect.

Another nice feature of Android phones is that you can erase all data on your phone remotely if necessary. Open android.com/find and sign into your Google account. Login using your password and your phone will ring for 5 minutes, even if it was previously set to silent. You can lock your phone and set it to display a message like “Please call xxx-xxx-xxxx to return,” or erase all content on the device.

Don’t forget that the best protection is to have a very long password for your Google account and to lock your phone with a password.

 


Lynnette Reese is Editor-in-Chief, Embedded Intel Solutions and Embedded Systems Engineering, and has been working in various roles as an electrical engineer for over two decades. She is interested in open source software and hardware, the maker movement, and in increasing the number of women working in STEM so she has a greater chance of talking about something other than football at the water cooler.

 

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • TwitThis