Android vital security information you need to know concerns the impact of a raft of new Google Play security features, which aim to make Android the safest phone OS.
One impact may be that you need a new phone for device security.
Here are a few pertinent facts.
- Android 13 (2022) or later has been security hardened. Earlier versions have not.
- Ultimately, Android 15 will be the baseline for a secure system, leading smartphone makers to increase OS upgrade policies.
- Google Play Store removed 2.36 million ‘harmful apps’, banned 158,000 ‘bad developers’, and stopped adding 1.3 million new apps in 2024.
- Restricted sideloading apps (.apk). Samsung prohibits sideloading from Android 15.
- Starting to remove apps that have not been updated to at least Android 13 security levels at the latest.
- Enforcing removing unnecessary app permissions, observing privacy, and using secret APIs to circumvent Google Play Protect.
Summary: If you are not on Android 13 or later, you are less secure and may find that the apps you were using have disappeared from Google Play.
Oh, and Apple iPhone users are not exempt – you don’t hear as much about the issues inside the walled garden.
Read more: How we kept the Google Play and Android app ecosystem safe in 2024
Unnecessary Permission apps are rife
Why would a weather app need more than your approximate location (COARSE_LOCATION)? Yet some ask for fine location, access to the phone, call logs, contacts, photos, storage, microphone, Wi-Fi, Bluetooth, app installation, and much more.
Does a torch (flashlight) app need any permissions? No – Android already has a Torch API.
Why would a Bitcoin app require up to 45 ‘irrelevant’ system permissions, 12 trackers, and up to 5329 ‘hardcoded secrets’? These provide attackers with a straightforward route to compromise critical systems, gain unauthorised access, or manipulate app functionalities.
These are three examples of dangerous apps that can steal your personal data, install malware, record phone calls, spam your contacts, serve advertisements, and more.
Enter Google Play Integrity checker (Android 13 or later) and App access risk. It will be live in May 2025.
Cybernews analysed 50 of the most popular Google Play apps, and not surprisingly, Meta’s apps were at the top – WhatsApp, WhatsApp Business, Facebook, Facebook Lite and Instagram.
One permission stood out – permission to post notifications. “The simplest exploit of notifications, often abused by malicious apps, is to bombard users with unwanted ads, phishing links, or even misinformation”.
Other innocuous permissions include:
- Write and read files from storage. This opens up every photo, video, document, contact, and anything else on the device.
- Access to the camera and recording could be used by malicious actors, spies, and even advertising companies.
- Get Account permission to sign in with social media and sync accounts. Malicious actors have abused social login features to hijack accounts in the past. NEVER use a social media account to sign into an app.
- Precise location for real-time tracking.
- Contacts for email scams, phishing and more
- Bluetooth connect and scan for devices means any other Bluetooth device can access your device.
- Phone’s state and its interactions with the networks, such as phone number, current cellular network information, ongoing calls, and unique ID of the device,
- SMS can be used to spam in your name.
- Ability to run in the background (not seen)
Why? Personal data is gold
The answer to almost all security concerns is that personal data is gold for cybercriminals, hackers, and Nation-States. A cyber war and cybercrime war are going on, and you did not know about it.
What can you do?
- While it may be costly, buy a phone with Android 13 (well, Android 14) or later, at least one OS upgrade, and a few years of security patches.
- Set the phone to Auto-update.
- Run a full-strength, paid anti-virus/malware solution like Trend Micro Mobile Security, Norton Mobile Security, and Malwarebytes – search Google for “Best paid antimalware for Android”. You don’t need the ‘kitchen sink’ versions – just anti-virus and malware detection.
Use Android’s free security tools
Android 13 or later has copious security tools. Don’t worry if you ‘mess up, as Android allows you to reset app preferences. Go to Settings>Apps>All Apps> and reset app preferences.
- App Permission Manager (Setting>Apps>See all Apps>Permissions. This is easy because you can use ‘Ask every time’ to determine what an app wants to use. Don’t allow it if it does not make sense, as it is probably spyware.
- Androids Permission based on Type feature. Security & Privacy>Privacy>Permission manager. Here, you can see what apps are accessing permission types, e.g., camera and deny permission if it does not make sense.
- Remove permission for unused apps. Settings>Apps>See all Apps> Select App, and under Unused App setting, select Pause.
- Restrictive Settings to disable apps access.
CyberShack Safety news and reviews
Android vital security information
8 comments
Kaz
Re: need to know android vital security 31/01/2025.
Thank you Ray for the concise information of how to go into settings to check & disable or utilize such as “ask first” regards potentially nefarious abundant permissions. Even though I’m a low end user of all things internet I’ve always done the above on my Androids, when Google took over.
I don’t have a wide network but I’ve gathered over the years so few people ever bother to go deeper into settings to check off truly unacceptable permissions.
And it amuses me when I see complaints about too much ads pop-ups or covering screens or on social media feeds. I literally get very little of that nonsense ha.
Even though many of us first world folk have no issues with data credit so much now, especially with rollover on prepaid, wouldn’t the good ole “Data Saver” toggle on be a beauty for restricted data access in the background overall? Maybe different on all phones, re still having to go deeper & check what’s left toggled on.
Yes! So much more to worry about nowadays! Most annoying when hearing more & more data breaching in govt or private corps with so much personal information!! Glad I’m not addicted to more than one social media what with the “Cognitive Warfare” influence going on. Gobsmacking that a nation of mostly youth were nefariously influenced to march anti-Indian imigrants in Japan apparently, via iSoon co at the behest of China. Scary stuff.
Good to hear Google is being more scruntinous!
Only downside is under 13 versions are not being given something, like idk, extra patches. Beyond system upgrade endings. A LOT of people even in first worlds simply cannot afford to be buying “new” phones after the typical 2yrs of “upgrades for security”. I’m still on v11 phone but have a V13 still in the box, ready to set up with v14 first thing.
Things may have changed a lot re cyber highway security but as far as i understood from well over a decade ago, that it’s in everybody’s interest that even those devices that don’t have paid antivirus, nor self directed settings lockdowns, that these devices are given protection from outside. Regards the innocuous potential for spreading of infection so to speak. Which i learned is why from the start free versions of AV were at least provided for a bottom line degree of protection.
But yes finally Google is picking up it’s act! Interestingly, regards depts & companies breaches, and although I am quite unaware of those world’s in actually, I read an article by an early days IT tech fellow, who said that it’s been ending in-house IT dedicated workers/teams that has been one of the biggest problems re growing criminal access & outcomes. Surprise surprise. Not!
Thx again to Cyber Shack for helping out those of us who do go looking ha! Kaz
Ray Shaw
Many thanks for your detailed comment. I think the best summary is that people don’t dig deep enough to change the default privacy settings, and 99 times out of 100, changes don’t affect the functional operation of any app. And on Google – yes, it is really upping the security bar, but perhaps not only for the reasons you think. Arch-nemesis Apple had for too long lulled its flock of sheep into thinking they were safe behind the walled garden. That is absolute, patent rubbish. There are a huge number of iOS and MacOS viruses/malware, DarkBERT https://cybershack.com.au/consumer-advice/darkbert-is-the-most-malicious-ai-from-the-dark-web-its-coming-after-you-consumer-advice/ has an aim to knock the walled garden down, and there are massive rewards for Apple malware writers. The sheep are waiting to be well and truly and inevitably shorn. Macs and iPhones are not immune from attacks, malware and compromise – otherwise, Apple wouldn’t put out security updates.
Google is intent on providing tools to stop malware in the Play Store and harden Android. Apple will not let AV companies have access to its kernel, giving its XProtect the sole advantage. Google will and there are some exceptional AV/Malware products like Trend Micro, MalwareBytes and Nortons that also use the cloud to ensure it is up to the minute.
DeepSeek
Thank you for highlighting these important security tips for Android users. It’s essential to stay informed and take proactive measures to protect our devices. Keep up the great work in raising awareness about cybersecurity!
Ray Shaw
Our pleasure. CyberShack readers can claim to be well-informed.
Julie
Does that mean my samsung S10 phone, which no longer gets updates, is vulnerable even though I run a paid for antivirus service ?
Ray Shaw
A paid AV service will help protect your older device but it does not always stop malware using vulnerabilities to get it. The S10 was launched in 2019 and frankly the battery life must be almost over. Money is hard to come by so hang on to it for another year or buy something newer. There are many great Android phones from $599. See https://cybershack.com.au/featured/best-android-phones-11-2024/
Ian Thompson
Have Android 14 – had an OS update yesterday. Now, signal strength is showing zero bars, on both 4G and 5G. This is the ultimate in security – virtually zero network access!
Ray Shaw
You would have had to reboot after the update so that is one less thing to consider. What is the brand/model of the phone and are you in Australia. Perhaps I can give you a few hints.