1What Device Makers, Carriers, Users Can Do to Bolster Android Security
2Google Actively Patches Flaws It Finds
While Android is not the most secure operating system in the world, Google actively works at improving Android security. The company has a team dedicated to finding flaws in its operating system and, with each new version, Google patches those holes. Patching security holes is a constant worry for all software developers and the organizations that use a wide range of software products.
3Google Has a Bounty Program That Works
Google has a bounty program that rewards researchers for findings flaws in Android. Better yet, the program actually works. Since its inception, researchers have found a wide range of flaws that affect Android, and Google has passed out cash to reward those who found them. Using cash to fight back against malware is actually a useful tool in addressing malware problems on Android.
4Google Doesn’t Have Full Control Over Software Updates
Although it’s been easy for people to blame Google for Android woes in the past, the truth is the search giant has little to do with actually fixing issues. While Google may release a patch, it’s up to the company’s “partners”—mobile device makers and carriers—to actually deploy the software to affected devices. That means that the majority of patches never reach user devices.
5The Onus Falls on Vendors to Patch Their Products
The real blame for malware in Android might be better placed on vendors that don’t do enough to actually support their devices. After a product is sold, as few as 20 percent of those products are actually updated with the latest security patches, even if a zero-day vulnerability is discovered. Android vendors are worried more about device sales than maintaining their security after the sale.
6Carriers’ Product Support Also Falls Short
Carriers are equally to blame because they don’t reliably update the devices that run on their networks. Google pushes security updates to wireless carriers but relies on them to actually release those updates to users. In some cases, the carriers respond but in others they don’t. It’s out of Google’s hands at that point and, in far too many cases, carriers don’t do what they should to update products.
7Malware Issues Aren’t as Bad as You Think
While Android gets a bad rap as the target for 99 percent of all mobile malware, it’s not actually affecting that many users. In fact, in April, Google released a report that showed that just 1 percent of Android devices in the wild were actually running malicious code. So, while the amount of Android malware circulating in the wild may be increasing, it appears that it’s not affecting that many devices so far.
8Fragmentation Rears Its Ugly Head
Arguably the biggest issue affecting malware in the Android ecosystem is operating system fragmentation. Mobile devices run a variety of outdated versions of Google’s operating system, leaving them vulnerable to malware that exploits flaws that have been fixed in later editions of the platform. Fragmentation has been a problem with Android since Google released the first Android update. It’s an issue that Google, device makers and carriers will have to eventually solve if they want to get serious about suppressing malware and security holes in Android.
9Most Malware Requires User Mistakes
Although the latest-reported Stagefright flaw doesn’t fit the mold, the vast majority of malware that impacts Android devices actually requires user input of some sort. In other words, users would need to open a link, see a text message or interact with malicious code in some way for it to deliver its payload. It’s important to remember that while Android malware is prevalent, in the vast majority of cases, users have to be duped into installing the malware.
10Android Users Should Download Vetted Apps From Google Play
The easiest way for a malicious hacker to deliver a malware payload to an Android user is through an app. However, Google has done a much better job in the past year analyzing apps and rejecting suspected malware. The biggest app threats tend to come from third-party Android app stores where reviews are not necessarily as rigorous. Hackers also tend to take advantage of unsuspecting victims by using phishing attacks. Keeping app downloads to Google Play and remaining vigilant about phishing attacks will safeguard users from the vast majority of Android malware.
11Informed Users Are the Best Defense Against Malware
User education is essential when it comes to security of any kind of connected device, let alone Android security. Users should learn what they need to do to update their software or find the latest patches. Those who know what to do are able to dodge malware attacks. Having simple knowledge of what to look for is the first step in securing an Android device or any other product that is subject to security vulnerabilities.