Android vital security information you need to know

The vital Android security information you need to know concerns the impact of a raft of new Google Play security features, which aim to make Android the safest phone OS.

One impact may be that you need a new phone for device security.

Here are a few pertinent facts.

  • Android 13 (2022) or later has been security hardened. Earlier versions have not.
  • Ultimately, Android 15 will be the baseline for a secure system, leading smartphone makers to increase OS upgrade policies.
  • Google Play Store removed 2.36 million ‘harmful apps’, banned 158,000 ‘bad developers’, and stopped adding 1.3 million new apps in 2024.
  • Restricted sideloading apps (.apk). Samsung prohibits sideloading from Android 15.
  • Starting to remove apps that have not been updated to at least Android 13 security levels.
  • Enforcing the removal of unnecessary app permissions and the observance of privacy, and acting against the use of secret APIs to circumvent Google Play Protect.

Summary: If you are not on Android 13 or later, you are less secure and may find that the apps you were using have disappeared from Google Play.

Oh, and Apple iPhone users are not exempt – you don’t hear as much about the issues inside the walled garden.

Read more: How we kept the Google Play and Android app ecosystem safe in 2024

Unnecessary Permission apps are rife

Why would a weather app need more than your approximate location (COARSE_LOCATION)? Yet some ask for fine location, access to the phone, call logs, contacts, photos, storage, microphone, Wi-Fi, Bluetooth, app installation, and much more.

Does a torch (flashlight) app need any permissions? No – Android already has a Torch API.

Why would a Bitcoin app require up to 45 ‘irrelevant’ system permissions, 12 trackers, and up to 5329 ‘hardcoded secrets’? These provide attackers with a straightforward route to compromise critical systems, gain unauthorised access, or manipulate app functionalities.

These are three examples of dangerous apps that can steal your personal data, install malware, record phone calls, spam your contacts, serve advertisements, and more.
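The weather and torch cases above can be checked mechanically. This is an added example, not code from Google or CyberShack: it lists the permissions an app's manifest requests and reports everything beyond a per-category baseline. The baseline sets, the sample manifest and the function names are assumptions, and the manifest is assumed to be already decoded to text XML (APKs store it in a binary form).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed baseline: the most each app category plausibly needs.
# Illustrative only, not a Google Play policy list.
BASELINE = {
    "weather": {P + "INTERNET", P + "ACCESS_COARSE_LOCATION"},
    "torch": set(),  # per the article, a torch app needs no permissions
}

# Permissions of the kinds the article calls out as excessive.
SENSITIVE = {P + n for n in (
    "ACCESS_FINE_LOCATION", "READ_CALL_LOG", "READ_CONTACTS", "RECORD_AUDIO",
    "READ_PHONE_STATE", "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
    "REQUEST_INSTALL_PACKAGES", "BLUETOOTH_CONNECT", "BLUETOOTH_SCAN",
    "SEND_SMS", "CAMERA", "GET_ACCOUNTS")}

# Constructed sample manifest for a hypothetical weather app.
SAMPLE_WEATHER_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission-sdk-23 android:name="android.permission.POST_NOTIFICATIONS"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest declares."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, category):
    """Split permissions beyond the category baseline into two lists."""
    extra = requested_permissions(manifest_xml) - BASELINE[category]
    return {"sensitive": sorted(extra & SENSITIVE),
            "other": sorted(extra - SENSITIVE)}

if __name__ == "__main__":
    print(audit(SAMPLE_WEATHER_MANIFEST, "weather"))
```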

Enter Google Play Integrity checker (Android 13 or later) and App access risk. It will be live in May 2025.

Cybernews analysed 50 of the most popular Google Play apps, and not surprisingly, Meta’s apps were at the top – WhatsApp, WhatsApp Business, Facebook, Facebook Lite and Instagram.

One permission stood out – permission to post notifications. “The simplest exploit of notifications, often abused by malicious apps, is to bombard users with unwanted ads, phishing links, or even misinformation”.

Other seemingly innocuous permissions include:

  • Write and read files from storage. This opens up every photo, video, document, contact, and anything else on the device.
  • Access to the camera and recording could be used by malicious actors, spies, and even advertising companies.
  • Get Account permission to sign in with social media and sync accounts. Malicious actors have abused social login features to hijack accounts in the past. NEVER use a social media account to sign into an app.
  • Precise location for real-time tracking.
  • Contacts for email scams, phishing and more.
  • Bluetooth connect and scan for devices means any other Bluetooth device can access your device.
  • Phone’s state and its interactions with the networks, such as phone number, current cellular network information, ongoing calls, and unique ID of the device.
  • SMS can be used to spam in your name.
  • Ability to run in the background (not seen)

Why? Personal data is gold

The answer to almost all security concerns is that personal data is gold for cybercriminals, hackers, and nation-states. A cyber war and a cybercrime war are going on, and you did not know about it.

What can you do?

  • While it may be costly, buy a phone with Android 13 (well, Android 14) or later, at least one OS upgrade, and a few years of security patches.
  • Set the phone to Auto-update.
  • Run a full-strength, paid anti-virus/malware solution like Trend Micro Mobile Security, Norton Mobile Security, or Malwarebytes – search Google for “Best paid antimalware for Android”. You don’t need the ‘kitchen sink’ versions – just anti-virus and malware detection.

Use Android’s free security tools

Android 13 or later has copious security tools. Don’t worry if you ‘mess up’, as Android allows you to reset app preferences. Go to Settings>Apps>All Apps and reset app preferences.

  • App Permission Manager (Settings>Apps>See all Apps>Permissions). This is easy because you can use ‘Ask every time’ to determine what an app wants to use. Don’t allow it if it does not make sense, as it is probably spyware.
  • Android’s Permission based on Type feature. Security & Privacy>Privacy>Permission manager. Here, you can see which apps are accessing each permission type, e.g., camera, and deny permission if it does not make sense.
  • Remove permission for unused apps. Settings>Apps>See all Apps>Select App, and under the Unused App setting, select Pause.
  • Restrictive Settings to disable app access.

CyberShack Safety news and reviews

Brought to you by CyberShack.com.au