As though to brush off substantiated reports showing Android’s vulnerability to malware attacks, Google’s security chief Adrian Ludwig recently presented a report that claims the operating system’s security infrastructure successfully scanned 99.99 percent of app downloads and installations.
Ludwig raised valid points for all that. He said Google managed to thwart attacks by locking down Android at the device level, meaning its security model has isolated almost every kind of malware that Windows hatched over the years. Verify Apps is at the core of Android’s security mechanisms. The software examines an app before it is installed and weighs the results against Google’s data sets of malware information to notify users about potential risks.
The search giant has faith in warnings as the most forceful check to malware and that strategy has been around for more than a year now.
Android targeted by 79% of recent malware attacks
But a recent memo from the U.S. Department of Homeland Security and the Federal Bureau of Investigation seems to contravene Google’s big data findings. The authorities alerted their security personnel to a huge volume of malware attacks drawn by Android mobile devices. According to that memo, 79 percent of hacks have hit Google’s OS, while iOS and Nokia’s Symbian attracted only 0.7 percent and 19 percent, respectively. The FBI and DHS put the blame on Android’s large market share and open source environment.
The agencies identified three common attack techniques employed by hackers. First is the SMS Trojan, which the hacker uses to spam out text messages to premium numbers and collect the charges at the expense of the unsuspecting user. Second is rooting, a sometimes tricky ploy of attackers that logs keystrokes and passwords. Finally, there’s the fake URL disguising as coming from genuine websites such as Google or Facebook only to lure users into installing malicious apps.
Some helpful tips
With the dynamically changing threat landscape, there’s certainly no one-size-fits-all solution to addressing various malware attacks. There are, however, proven ways to secure Android devices from threats, thanks to security researchers:
1. Install only trusted apps from trusted stores.
Most hackers would imitate items from app stores and turn them into apps with varied names. As some stores such as Google Play doesn’t maintain a list of trusted apps, you will be better off doing a background check for an app, including its reviews and ratings, before deciding to download it. And as much as possible, never let third-party stores push items to your device. To make sure you don’t fall for this trap, disable the “Unknown Sources” option in the Settings page.
2. Never use public Wi-Fi networks for viewing sensitive data.
Any public Wi-Fi network is apparently most susceptible to hacking. At any rate, don’t do sensitive transactions under its shade like banking or creating online accounts. If you have to, try a reliable VPN service.
3. Avoid rooting your device.
While rooting gives you freedom to do whatever you wish with your device, there is downside with it. To root a device means to determine its vulnerability, which clears up the way for attackers.
