'Android devices are vulnerable to attacks'

Apps that go through the Google Play store are subject to stringent reviews that prevent malicious apps from appearing


Tech Desk August 13, 2018
A Sony Xperia Z2 smartphone (L) and a Sony Xperia Z2 tablet are displayed at the company's stand during the Mobile World Congress in Barcelona February 24, 2014 PHOTO: REUTERS

With hacking incidents happening more frequently, the last thing you want to hear is that your phone is not secure.

According to a report by Security firm Kryptowire, Android's open operating system may be open to vulnerabilities.

The security firm ran tests on 10 devices running the Android OS and found that bugs in their firmware left them open to attacks.

Google launches Android Things for appliances

"Pre-installed apps and firmware pose a risk due to vulnerabilities that can be pre-positioned on a device, rendering the device vulnerable on purchase," an overview of the report reads.

The study by Kryptowire was conducted under the Department of Homeland Security's grant because some of the devices tested came from Chinese firm ZTE.

The US federal government has barred military employees from using ZTE and Huawei devices, in line with the intelligence community's advise that such devices could pose a national security risk if they were to be used by China to spy on US citizens.

The firm further added that if users download a malicious app on their ZTE ZMax devices, they become highly vulnerable, potentially giving the app complete access to their data and device operation. Other affected phones came from Vivo, Sony, and Sky, among others.

Wired magazine described this vulnerability as a 'byproduct' of the Android OS business strategy which lets third-party companies, such as ZTE, modify the code. This, though makes an Android device attractive for phone companies, is what's responsible for the cracks that might allow a malicious app to take over.

Although this may sound distressing to the users, an important thing to remember is that a device is only vulnerable to these bad actors if a user downloads an app. Apps that go through the Google Play store are subject to stringent review that should prevent a malicious app from even seeing the light of day.

Unless users are downloading apps directly from their makers or using non-Google verified app service, their Android devices should remain secure.

You can now get an Android phone for $80

Recently there has been all manner of questions about the merits of an app developer stepping away from Google's Play Store. This began since the developers of the popular multiplayer game 'Fortnite' announced that they will make the game available directly through Epic Games' website.

Doing so allows the developer to skirt around Google's 30 per cent cut, but the Kryptowire report reinforces the already serious security concerns.

Downloading unverified third-party apps already make an Android device vulnerable, and the report by Kryptowire further raises concerns.

This article originally appeared on Mashable.

COMMENTS

Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ