Approximately 75% of the world’s smartphones run on the Android platform. With big brands like Sony, Motorola and Samsung running on the operating system, it is no surprise that it has gained so much popularity. And with Google continuously tailoring its services in line with Android, it’s safe to say that the system will not be slowing down anytime soon.
But of course, no system can have a perfect run. Recently, a group of researchers released reports about security threats that could possibly affect 99% of all Android users. Now that includes you and me!
The research firm Bluebox Security has released official reports about the Android system’s "vulnerability" to hackers. It is an established fact that Android is open source, so it should not take a genius to decipher how the system works. The problem, however, is that hackers can potentially modify an app and transform it into a Trojan. This is done by modifying the APK code without breaking the app’s cryptographic signature. The cryptographic signature is the way the system separates legitimate applications from harmful ones. This "master key" bug allows hackers to modify the app without changing its cryptographic signature, so the change goes unnoticed. This implies that antivirus programs and even Google Play itself will not be able to recognize the malware. The firm reportedly replicated the process, and it did indeed compromise security.
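To make the role of the signature concrete, here is an added example (not from the original article or from Bluebox) of the first layer of an APK's JAR-style signature check: every file must match the digest recorded for it in `META-INF/MANIFEST.MF`. It also flags archives that repeat an entry name, which standard build tools do not produce. It assumes the older JAR signing scheme, does not verify the certificate that signs the manifest, and `audit_apk` and `build_sample` are names made up for this sketch.

```python
import base64, hashlib, io, zipfile
from collections import Counter

DIGESTS = {"SHA1-Digest": hashlib.sha1, "SHA-256-Digest": hashlib.sha256}
MANIFEST = "META-INF/MANIFEST.MF"

def parse_manifest(text):
    """Map each entry name in a JAR-style MANIFEST.MF to its attributes."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(ln.split(": ", 1) for ln in section.split("\n") if ": " in ln)
        if "Name" in attrs:
            entries[attrs["Name"]] = attrs
    return entries

def audit_apk(data):
    """Return sorted findings for the APK bytes in data; [] means nothing flagged."""
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        names = [info.filename for info in apk.infolist()]
        if MANIFEST not in names:
            return ["unsigned: no " + MANIFEST]
        # A name that appears twice makes "which bytes were checked" ambiguous.
        findings = [f"duplicate entry: {n}" for n, c in Counter(names).items() if c > 1]
        listed = parse_manifest(apk.read(MANIFEST).decode("utf-8"))
        for name in set(names):
            if name.startswith("META-INF/") or name.endswith("/"):
                continue  # simplification: signature files live here and are not listed
            attrs = listed.get(name, {})
            attr = next((a for a in DIGESTS if a in attrs), None)
            if attr is None:
                findings.append(f"no digest in manifest: {name}")
            elif base64.b64encode(DIGESTS[attr](apk.read(name)).digest()).decode() != attrs[attr]:
                findings.append(f"digest mismatch: {name}")
    return sorted(findings)

def build_sample(payload=b"constructed dex bytes", listed=b"constructed dex bytes"):
    """Constructed sample: APK-shaped zip whose manifest records the digest of `listed`."""
    digest = base64.b64encode(hashlib.sha1(listed).digest()).decode()
    manifest = f"Manifest-Version: 1.0\r\n\r\nName: classes.dex\r\nSHA1-Digest: {digest}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(MANIFEST, manifest)
        z.writestr("classes.dex", payload)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_apk(build_sample()))                     # untouched sample
    print(audit_apk(build_sample(payload=b"modified")))  # file changed after signing
```

A real installer goes further and checks that the manifest itself is covered by the publisher's certificate; use the platform's own signature verification tools for that step.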
Personal Data at Risk
Of course, the main question will be, "What can the Trojan do?" right? For most regular users especially, these technical terms sound like jargon. But simply put, the Trojan can steal your personal information, usernames and passwords, among others. For instance, I use my Android phone to receive my business phone calls and messages through my RingCentral app. If a Trojan gets into my system, it can retrieve my username and password for other malicious parties to use. They can then use the account to pretend that it’s me my clients are transacting with. Another good example is online banking or PayPal. These make use of usernames and passwords, right? Now imagine if the Trojan gets hold of these bits of information. Cyberthieves can then access your account and do whatever they want with your money. And since the system will not know that there are actually Trojans installed, you’ll never know what got you!
When the report first came out, Google did not issue a response or statement whatsoever. However, Bluebox says that Google has been informed and is now taking extra measures with its Play Store. The process remains theoretical, since no evidence shows that cyberthieves are actually using it.
Prevention is Better than Cure
While no reports show that it has actually harmed users, Bluebox reminds the public to be extra cautious. In fact, they’ve given the following tips for all of us:
- Identify the publishers of the apps you download. As much as possible, download only from credible, established sources. Double check the details of the application and if you feel like something’s not right, uninstall the app immediately.
- Offices that adopt Bring Your Own Device (BYOD) policies should remind users to always keep their software updated. Trojan attacks on one device can potentially gather information about all the devices connected to the system.
- IT departments should also take this discovery as a reminder to double check their systems and to intensify their security protocols.
Android may be the most popular operating system for smartphones, but it is also the most associated with malware and similar attacks. While Google’s geniuses assure us of data protection, let this report be a reminder to us that with advancing technology come more advanced threats as well.