Authored by a Symantec employee
The security argument between Apple’s iOS and Google’s Android system for smartphones is heating up yet again. In a recent study conducted by Daniel R. Thomas, Alastair R. Beresford, and Andrew Rice at the University of Cambridge, research concluded that 90 percent of Android devices are exposed to at least one critical vulnerability.
The threat model was constructed using three common attack vectors: installation attack (malicious codes installed through app download); dynamic code loading (an existing app downloads new malicious codes); and injection (an attacker injects malicious codes directly into the device’s existing system).
Each of these threats requires regular updates and patches from both the manufacturers and the software companies. However, Android devices receive an average of only 1.26 updates per year to fix these evolving threats.
According to the report, “there is information asymmetry between the manufacturer, who knows whether the device is currently secure and will receive updates, and the consumer, who does not.”
The bottom line is that Android users must be more careful about how they use their devices, and take extra precautions in securing their personal data.
Lock Your Phone
The first thing you can do to increase the security of your Android device is to make sure you’ve set up the lock screen. This is done by setting a PIN, pattern, or password and keeps physical attackers from easily gaining access to your phone. While this will not protect you from online threats, it will keep your personal information safe if you lose or temporarily misplace your phone.
Enable Encryption Chip
Next, consider enabling the phone’s storage encryption. Depending on the age of your device and the associated features, you may or may not be able to enable the encryption chip. This feature is much more secure than the average lock screen feature and requires a two-step authentication password to use the device. Older operating systems often have trouble with this feature, causing the phone’s processing to slow considerably. Look at what’s available, and make your decision based on the level of threat you think you might encounter.
Always verify apps before you install them on your phone. There are third-party applications available outside of the Google Play Store. While some of these applications are harmless, others may contain the malicious codes addressed in the Cambridge study. Check and verify the third-party application before you install. If you’re not completely sure it’s safe, don’t risk your personal or company’s information by allowing the app on your device.
Use Anti-Malware Softwae
Install a reputable anti-malware app from a trusted and secure source such as Norton Mobile Security. Every time you download a new app, run a scan to verify the download was successful and did not contain any malicious codes. Malware has been particularly popular on Android devices.
Disable Bluetooth Connectivity
Disable Bluetooth connectivity when you’re out in public. Bluetooth allows your phone to connect wirelessly with other smart electronics—and enables other people to connect to your device without your permission if it’s left on and unattended. Attackers could be anywhere, from the local coffee shop you frequent, to the coin laundry spot you use around the corner.
Leaving your Bluetooth on puts you and your personal information at a huge disadvantage.You can take advantage of all of these security features today. Until Android begins to provide regular patches and updates for it’s security issues, users will have to remain vigilant and proactive about personal phone security.
Disclaimers and references:
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone