In a short period of time, Android has become one of the most popular operating systems for all kinds of mobile devices. It is used by both large, world-renowned manufacturers and small companies, so the price range of finished products, such as smartphones and tablet computers, can satisfy the needs of almost all consumers. This wide assortment, flexible pricing and platform support from an impressive number of manufacturers have been among the main success factors and allowed the system to take its current position in the market.
However, such a huge number of users simply could not be ignored by cybercriminals. Having built an entire industry with its own laws on the development and distribution of malware, they have become extremely partial to any sources of easy money.
Like any other system, Android, unfortunately, cannot be completely secure, as the people involved in development will never be able to create perfect code. Nevertheless, the developers make efforts to ensure that consumers receive a quality product in the end. Android offers further confirmation that the more popular a product is, the more susceptible it is to attacks by cybercriminals. Later in this article, we will take a closer look at the threats that this operating system and, as a result, its users are exposed to.
Viruses for Android? Never heard of them!
When the first malicious program for Android was discovered in August 2010, many users took the news as an attempt by antivirus companies to intimidate them and extract money for their products. Over time, the number of Android threats continued to grow. More than a year and a half has passed since the first Trojan appeared, but despite the fact that at the end of 2011 the number of malicious programs for this platform increased at least 20 times, a large number of users are still skeptical about the issue under discussion.
So what types of Android malware are there and how are they dangerous?
The list is confidently topped by SMS Trojans (the Android.SmsSend family). The purpose of such programs is to send premium-rate messages to short numbers. Part of the cost of these messages goes into the attackers' pockets. Such programs hardly differ from each other, except for minor changes in the interface and in the short numbers to which messages are sent. Most often, they are distributed under the guise of popular applications and games, such as Opera Mini, ICQ, Skype, Angry Birds, etc., using the corresponding icon.
Next on the list are more "heavyweight" Trojans. These include, for example, Android.Gongfu, Android.Wukong, Android.DreamExploid, Android.Geinimi, Android.Spy, etc. Depending on the family, these malicious programs have functionality such as collecting confidential user information, adding bookmarks in the browser, executing commands from cybercriminals (backdoor and bot functions), sending SMS messages, installing other applications, etc. To install applications without arousing the user's suspicion, Trojans need root rights (the rights with which the system kernel works). To obtain them, they use various methods, which will be described in more detail a little later.
Commercial spyware also deserves mention. These apps are used to spy on users. Their arsenal, depending on the class, cost and manufacturer, includes such functions as intercepting incoming and outgoing SMS messages and calls, audio recording of the environment, tracking coordinates, collecting statistical data from the browser (for example, bookmarks, visit history), etc. Although most of these programs require initial configuration and manual installation, they pose a significant threat: once installed on the device, they do not create an icon among other installed programs, and their presence can be detected only by indirect signs, including by going to the system menu with a list of applications. If you closely monitor installed programs and know the names of legal applications,
Other malware can combine the various functions described above.
Advertising modules, which the creators of programs and games use to make money, deserve separate mention. When a user clicks on a displayed advertisement and navigates to the advertised product or service, the application developer receives a certain amount of money. In most cases, such modules do not pose a threat to the user; however, some of them are not so harmless. For example, advertising messages may appear not inside applications, but in the status bar of the device. Such messages can easily be mistaken for system messages, which is what cybercriminals take advantage of by using phrases like "An urgent system update is required" for advertising (you will almost certainly receive another Trojan instead of an update).
A number of modules behave too aggressively, collecting users' confidential information (IMEI, phone number, name of the operator used, etc.), as well as adding shortcuts to the desktop and bookmarks in the browser. Applications using such modules are detected as adware (for example, Adware.Airpush, Adware.Leadbolt, Adware.Startapp, etc.).
Vulnerabilities in the Android operating system and the software it uses
The architecture of Android is built in such a way that all applications run with limited rights and do not have access to the protected data of other applications.
As noted above, Android is not a perfect system, so it should come as no surprise that it has vulnerabilities. One of the main problems users may face is system vulnerabilities that make it possible to obtain root privileges. There are special applications, scripts and software modules that perform this task. In everyday use this does not threaten users, since such tools are most often used deliberately to gain more control over the device. However, the same vulnerabilities (for example, CVE-2009-1185, CVE-2011-1823) were adopted by the creators of malicious applications. Using exploits (the very same software modules and scripts) to elevate their rights to the root level, they gain the ability, for example, to freely install other programs without the user's permission (as do various modifications of Android.Gongfu and Android.DreamExploid). Some malicious programs do not use exploits directly, but mislead the user and induce him to take the necessary actions, thereby giving the malicious program the capabilities it needs.
One of the key elements of Android security is the Permission System. When installing an application, the user is shown a list of all the functions that will be available to it. After installation, applications are able to perform their functions without user intervention. On the one hand, showing a program's capabilities before installation should provide an adequate level of security, but not all users carefully study the list of functions. Moreover, it is impossible to say with certainty whether a given function will later be used to the detriment of the user. This is not the only drawback of the system. For example, it is possible to create applications that will not require any permissions for their work, which can create a false sense of complete security. However, in reality, such applications will be able to access certain information (for example, files stored on a memory card in an unprotected form, a list of installed programs used by a mobile operator) and even send this information to hackers over the Internet.
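An added example, not part of the original article: a triage script that reads a decoded AndroidManifest.xml and flags the permission patterns behind the threat types described earlier (premium SMS, hidden spyware, aggressive ad modules), including the zero-permission case discussed above. The rule sets, finding labels and sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"  # namespace of android:* attributes
P = "android.permission."

# Permission groups mapped to behaviours the article lists (heuristics, not verdicts).
SURVEILLANCE = {
    P + "RECEIVE_SMS", P + "READ_SMS", P + "PROCESS_OUTGOING_CALLS",
    P + "RECORD_AUDIO", P + "ACCESS_FINE_LOCATION",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS",
}
ADWARE_EXTRAS = {
    "com.android.launcher.permission.INSTALL_SHORTCUT",
    "com.android.browser.permission.WRITE_HISTORY_BOOKMARKS",
}


def has_launcher_icon(root):
    """True if some activity is declared as a MAIN/LAUNCHER entry point."""
    for tag in ("activity", "activity-alias"):
        for act in root.iter(tag):
            for flt in act.iter("intent-filter"):
                actions = {a.get(NS + "name") for a in flt.iter("action")}
                cats = {c.get(NS + "name") for c in flt.iter("category")}
                if ("android.intent.action.MAIN" in actions
                        and "android.intent.category.LAUNCHER" in cats):
                    return True
    return False


def triage(manifest_xml):
    """Return the requested permissions and a list of review findings."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")} - {None}
    icon = has_launcher_icon(root)
    findings = []
    if P + "SEND_SMS" in perms:
        # The capability SMS Trojans depend on; unexpected in a browser or game.
        findings.append("can-send-sms")
    if P + "INSTALL_PACKAGES" in perms:
        # Granted only to system-signed apps; a third-party request is a red flag.
        findings.append("requests-silent-install")
    if len(perms & SURVEILLANCE) >= 2:
        findings.append("surveillance-capable")
        if not icon:
            # Matches the spyware trait of leaving no icon among installed apps.
            findings.append("hidden-from-launcher")
    if P + "READ_PHONE_STATE" in perms and perms & ADWARE_EXTRAS:
        findings.append("aggressive-adware-pattern")
    if not perms:
        # An empty list is not evidence of safety: memory-card files stay readable.
        findings.append("no-permissions-not-proof-of-safety")
    return {"package": root.get("package"), "permissions": sorted(perms),
            "launcher_icon": icon, "findings": findings}


# --- Constructed sample manifests (not taken from real applications) ---
LAUNCHER = """<activity android:name=".Main"><intent-filter>
      <action android:name="android.intent.action.MAIN"/>
      <category android:name="android.intent.category.LAUNCHER"/>
    </intent-filter></activity>"""


def manifest(package, permissions, components):
    """Build a minimal text manifest for the samples below."""
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s<application>%s</application></manifest>'
            % (package, uses, components))


FAKE_BROWSER = manifest("com.example.fakebrowser",
                        [P + "SEND_SMS", P + "INTERNET"], LAUNCHER)
HIDDEN_SPY = manifest("com.example.sync",
                      [P + "RECEIVE_SMS", P + "RECORD_AUDIO",
                       P + "ACCESS_FINE_LOCATION", P + "INTERNET"],
                      '<service android:name=".Worker"/>')
NO_PERMS = manifest("com.example.wallpaper", [], LAUNCHER)

if __name__ == "__main__":
    for sample in (FAKE_BROWSER, HIDDEN_SPY, NO_PERMS):
        result = triage(sample)
        print(result["package"], result["findings"])
```

Manifests inside an APK are stored as binary XML, so the script expects one that has already been decoded to text.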
The use of unofficial or third-party firmware can also pose a threat. There are several reasons for concern here. First, malicious programs can be embedded in such firmware from the very beginning. Second, when an application carries the same digital signature as the system image, it receives the same rights as the system in which it runs. Under the Android Open Source Project (AOSP), signatures for images are private, so this scenario is possible, for example, if the corresponding signature is stolen. A similar method of infection was used, in particular, by the Android.SmsHider malware, which on certain third-party firmware could install the Trojan apk it contained without the user noticing.
System applications, both standard ones and those from Android device vendors, can also contain vulnerabilities. For example, some vulnerabilities in the WebKit browser allow potential malware to execute arbitrary JavaScript and gain access to protected browser data.
If application developers do not pay sufficient attention to security when working with user data, this data can be compromised. Registration data stored in an unprotected form, passwords from bank cards and other confidential information can be attacked. If the application also transmits this data over the network in unencrypted form, it is likewise exposed to compromise by attackers. One of the notable precedents for such a problem was the situation with the Skype application, when user data, including profile information, contacts and chat history, was stored unencrypted and, if desired, could be easily obtained by attackers.
Openness
The openness of the Android system lies in several factors. First, it is the availability of code that can be used, modified and improved by developers depending on their needs and ideas. On the one hand, this is a definite plus for device manufacturers and developers; on the other hand, it enables not only researchers but also attackers to find vulnerabilities and errors more productively.
Secondly, it is possible to install applications both from the official Google Play application catalog (formerly called Android Market), and from any other available source.
Thirdly, creating applications is open to practically anyone, since a developer needs to pay only $25 to place his products in the official catalog, and no material costs are needed to distribute programs outside of it.
Fourthly, until recently programs hosted on Google Play were not pre-screened or tested by Google. More recently, the Bouncer system was announced, which should check applications placed in the Play catalog for malicious functions; developer accounts will also be verified. Undoubtedly, this should increase security to some extent, but it still does not solve the problem, since malware creators can use various tricks to successfully bypass the Bouncer system.
Platform fragmentation
Because the Android system is used by a large number of mobile device manufacturers, and there is no specific framework for the devices' technical characteristics, devices with a wide variety of functionality are available to consumers. When a new system update is released, it not only adds new functions but also closes previously discovered vulnerabilities. Manufacturers release the corresponding update versions at their own discretion. Sometimes a device that was recently a flagship does not receive a new version of the OS or software and, accordingly, remains unprotected from potential threats. The reason for this can be both economic considerations (adaptation of the update will require too large financial investments, or the manufacturer simply wants to make money on the sale of new devices),
Human factor
Whatever the level of system security, the human factor plays an important role in ensuring security. One example is the social engineering used by cybercriminals, such as the previously mentioned method of distributing malicious programs through advertising in applications using loud phrases ("An urgent system update is required", "Your browser version is outdated", "Install Skype update immediately", etc.). The same can be said about cases of spreading malicious programs using SMS spam (in this way, for example, the Android.Crusewind backdoor was spread).
Another element of social engineering is playing on many people's desire for something free ("New version of Need for Speed", "Update Asphalt for free!"), as well as the use of "adult" themes ("Supergirls, download here!", "Collection of photos of a naked beauty", etc.).
In addition, attentiveness on the part of the users themselves is also important. Very often, cybercriminals fake well-known sites, imitating their design and structure or trying to create an exact copy. At first glance, such a site may look exactly like the real one, but upon closer examination you will notice a catch. For example, the address bar will show an address that is completely different from the original or has slight distortions (for example, vkontlakte.com, vkontakne.b1.ru, androldmarket.com), or some familiar element will not work on it, or something familiar will be missing altogether.
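An added example, not part of the original article: a check that compares each label of a hostname against watched brand names using edit distance, which catches the distorted addresses quoted above. The brand list, the trusted-host list and the distance threshold are assumptions chosen for illustration.

```python
# Assumed allowlist of genuine hosts and the brand strings to watch for.
TRUSTED_HOSTS = {"vkontakte.ru", "vk.com", "market.android.com"}
BRANDS = ("vkontakte", "androidmarket")
MAX_DISTANCE = 2  # assumed threshold: up to two single-character edits


def osa_distance(a, b):
    """Optimal string alignment distance.

    Counts insertions, deletions, substitutions and swaps of two adjacent
    characters, which covers the usual ways a domain name is distorted.
    """
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1,         # deletion
                      cur[j - 1] + 1,      # insertion
                      prev[j - 1] + cost)  # substitution or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def check_host(host):
    """Classify a hostname as trusted, lookalike, brand-on-foreign-domain or unknown."""
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS):
        return ("trusted", None)
    verdict = ("unknown", None)
    for label in host.split("."):
        for brand in BRANDS:
            distance = osa_distance(label, brand)
            if distance == 0:
                # Exact brand name, but on a domain outside the allowlist.
                return ("brand-on-foreign-domain", brand)
            if distance <= MAX_DISTANCE:
                verdict = ("lookalike", brand)
    return verdict


if __name__ == "__main__":
    # The first three hosts are the distorted addresses quoted in the article;
    # the last two are constructed samples.
    for h in ("vkontlakte.com", "vkontakne.b1.ru", "androldmarket.com",
              "vk.com", "example.org"):
        print(h, check_host(h))
```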
Applications can also be tampered with, and an inattentive user is more likely to share his personal data with attackers (login and password from a social network, credit card information, etc.). There can be many options.
Conclusions
So, we have considered the most common threats that users of devices running the Android operating system may face. Now we can summarize and draw some conclusions.
One of the main security concerns when working with the Android OS is, first of all, the human factor. No matter how secure the operating system is, carelessness, inattention, self-confidence and simple ignorance will sooner or later endanger the owner of a smart device. For example, the user's confidence that they are safe leads them to ignore security tools such as anti-virus programs. When cybercriminals use tempting offers, for example, downloading free versions of paid applications and games, they exploit people's desire to gain something at no cost to themselves. When a well-known site, game or application is forged, and the user is inexperienced, he may not even realize that he is exposed to any risk,
The next important problem is indirectly related to the first and concerns the software vulnerability of both the operating system itself and the application software. Android is built by people who, by their very nature, can make mistakes. These mistakes may never be noticed, or they may appear at the most inopportune moment. A detected error in the code is taken up by cybercriminals if it will bring them some benefit. Thus, users face, for example, malware that uses root exploits to elevate privileges on the system. Most of these exploits were originally conceived to help more experienced users, but quickly migrated to the arsenal of cybercriminals.
Despite the efforts made by Android developers to ensure maximum system and user security, there are ways to bypass security barriers. In addition to root exploits, an example is signing malicious applications with the security certificate of third-party firmware, which allows such programs to work with system rights on the corresponding OS image. The permission system is also imperfect. The previously described case of creating an application that does not require any permissions at all for its operation is another example showing that errors are made and any protection can be bypassed.
If application developers do not pay enough attention to security, this can affect the level of protection. The Skype case confirmed this. Similar flaws can be found in other applications, which is by no means good news for users.
Despite the positive aspects of the platform's openness policy adopted by Google, there are also negative aspects. First, it increases the likelihood of discovering vulnerabilities that could be exploited by attackers. Second, a very liberal attitude towards the process of creating applications and the wide possibilities for their installation by end users is also exploited by enterprising cybercriminals. Google's introduction of the Bouncer system is a step towards increasing security without major changes in the open policy of the Android ecosystem, but it may not be the solution to all problems.
The next major disadvantage of the Android OS is its fragmentation. The existence of a large number of device manufacturers and different versions of the system creates certain difficulties, since users cannot always receive the necessary update, which significantly affects security. The push by some manufacturers to release new models as often as possible may even force some consumers to stop using Android devices. This may be due both to the fact that they cannot receive the desired system update, and to the fact that device characteristics become significantly outdated once new models are released and no longer meet user requirements.
And, of course, malware is a danger. Using the above-mentioned features of Android, attackers quickly adapted to the new structure of the mobile device market and began to master every possible scheme that is most profitable for them. They use SMS Trojans to make quick and easy profits; Trojans that steal confidential user data also allow them to earn money, for example, by reselling e-mail information, logins and passwords for various social networks and other services that are of value to them. Social engineering also contributes significantly to their prosperity.
Don't forget about the commercial spyware manufacturers who sell their solutions for decent sums. At first glance, the prices may seem very high, but the benefits that potential customers can get can be many times higher.
What's in the future?
We can say with a certain degree of confidence that in the near future, the owners of Android devices will continue to be threatened by malware, especially SMS Trojans. Spy Trojans and hijacker Trojans that collect confidential information will also not be left out. In the future, malicious programs that combine various functions, including those using root exploits, will also appear. There are also cases of exploitation of discovered vulnerabilities in popular applications.
The organization of large botnets capable of carrying out attacks on Internet resources or sending out mass spam is not excluded. There may be an increase in malware infections among users of third-party and unofficial firmware. Such attacks can also be of a local, targeted nature, when the most interesting firmware versions will be selected by attackers.
Blocker Trojans and ransomware, already familiar to Windows users, are likely to appear. Attacks by such malicious programs can be widespread, for example, among owners of rooted devices, but it is also quite possible that these Trojans will themselves perform the necessary actions to elevate privileges in the system or entice the user to do so using social engineering techniques.
In addition to the "classic" spyware Trojans, so-called analytical applications like Carrier IQ cannot be ruled out. Such programs can be used by device manufacturers and telecom operators to collect statistical and analytical information; however, as the case with Carrier IQ has shown, the information collected can be excessive and directly threaten user privacy. Manufacturers should, at a minimum, inform consumers about the presence of such applications and how they work. However, there may be cases when the manufacturers themselves do not fully know how the information collected meets the security requirements.
One way or another, social engineering will remain one of the main attack vectors. At the same time, the attentiveness and caution of users should play an important role in ensuring safety. An appropriate level of security must come from both the mobile device manufacturers and the application software vendors. They need to release system and application updates as soon as possible as vulnerabilities are discovered. It is also necessary to ensure the proper level of confidentiality of users and the protection of their personal information.
Improvements are still possible in the direction of hardening Android. For example, the functionality of the applicable permission system can be extended by adding an additional degree of application control. Now users can see what functions a particular application can use only during installation and when opening the corresponding information in the system menu of the device. If, however, a system is introduced that displays the need for programs to perform a particular action, and also allows the user to decide what opportunities to provide to the program, this can increase the level of security.
Thank you for your attention!
However, such a huge number of users simply could not be ignored by cybercriminals. Having built an entire industry with its own laws on the development and distribution of malware, they have become extremely partial to any sources of easy money.
Like any other system, Android, unfortunately, cannot be completely secure, as the people involved in development will never be able to create perfect code. Nevertheless, the developers make efforts to ensure that consumers receive a quality product in the end. On the example of Android, we can observe another confirmation that the more popular a product is, the more it is susceptible to attacks by cybercriminals. Later in this article, we will take a closer look at what threats this operating system and, as a result, its users are exposed to.
Viruses for Android? No, I haven't!
When the first malicious program for Android was discovered in August 2010, many users took the news as some kind of attempt by antivirus companies to intimidate them and pull money for their products. Over time, the number of Android threats continued to grow. More than a year and a half has passed since the first Trojan appeared, but despite the fact that at the end of 2011 the number of malicious programs for this platform increased at least 20 times, a large number of users are still skeptical about the issue under discussion.
So what types of Android malware are there and how are they dangerous?
The list is confidently topped by SMS Trojans (the Android.SmsSend family). The purpose of such programs is to send messages with increased tariffs to short numbers. Some of the value of these messages goes into the pockets of the attackers, enriching them. Such programs practically do not differ from each other, except for minor changes in the interface and short numbers to which messages will be sent. Most often, they are distributed under the guise of popular applications and games, such as Opera Mini, ICQ, Skype, Angry Birds, etc., using the corresponding icon.
The list is followed by more "heavyweight" Trojans. These include, for example, Android.Gongfu, Android.Wukong, Android.DreamExploid, Android.Geinimi, Android.Spy, etc. Depending on the family, these malicious programs have such functionality as, for example, collecting confidential user information, adding bookmarks in the browser, executing commands from cybercriminals (backdoor and bot functions), sending SMS messages, installing other applications, etc. To implement the ability to install applications without arousing suspicion on the part of the user, Trojans need root rights (rights, with which the kernel of the system works). To do this, they use various methods, which will be described in more detail a little later.
Commercial spyware is also important. These apps are used to spy on users. Their arsenal, depending on the class, cost and manufacturer, includes such functions as intercepting incoming and outgoing SMS messages and calls, audio recording of the environment, tracking coordinates, collecting statistical data from the browser (for example, bookmarks, visit history), etc. Despite the fact that most of these programs require initial configuration and manual installation, they pose a significant threat, since after being inserted into the device, they do not create an icon among other installed programs, and their presence can be detected only by indirect signs, including by going to the system menu with a list of applications. If you closely monitor installed programs and know the names of legal applications,
Other malware can combine the various functions described above.
Separately, it should be said about the advertising modules used by the creators of programs and games and used to make money. When a user clicks on a displayed advertisement and navigates to the advertised product or service, the application developer receives a certain amount of money. In most cases, such modules do not pose a threat to the user, however, there are also less harmless ones among them. For example, advertising messages may appear not inside applications, but in the status bar of the device. Such messages can easily be mistaken for system messages, which is what cybercriminals take advantage of by using phrases like "An urgent system update is required" for advertising (you will almost certainly receive another Trojan instead of an update).
A number of modules behave too aggressively, collecting confidential information of users (IMEI, phone number, name of the operator used, etc.), as well as adding shortcuts to the desktop and bookmarks in the browser. Applications using such modules are detected as adware or adware (for example, Adware.Airpush, Adware.Leadbolt, Adware.Startapp, etc.).
Vulnerabilities in the Android operating system and the software it uses
The architecture of Android is built in such a way that all applications run with limited rights and do not have access to the protected data of other applications.
As noted above, Android is not a perfect system, so it should come as no surprise that it has vulnerabilities. One of the main problems that users may face is system vulnerabilities that allow them to get root privileges. There are special applications, scripts and software modules that perform this task. In everyday life, such things are not scary to users, since they are most often used deliberately to gain more control over the device. Another thing is that the same vulnerabilities (for example, CVE-2009-1185, CVE-2011-1823) were adopted by the creators of malicious applications. Using exploits (the very same software modules and scripts) to elevate their rights to the root level, they get the opportunity, for example, freely install other programs without the user's permission (as do various modifications of Android.Gongfu and Android.DreamExploid). Some malicious programs do not use exploits themselves, directly, but mislead the user and induce him to take the necessary actions, thereby giving the malicious program the capabilities it needs.
One of the key elements of Android security is the Permission System. When installing applications, the user is shown a list of all the functions that will be available to this or that program. After installation, applications are able to perform their functions without user intervention. On the one hand, demonstration of program capabilities before installation should provide an adequate level of security, but not all users carefully study the list of functions. Moreover, it is impossible to say with certainty whether this or that function will not be used in the future to the detriment of the user. But this is not the last drawback of this system. For example, it is possible to create applications that will not require any permissions for their work, which can create a false sense of complete security. However, in reality, such applications will be able to access certain information (for example, files stored on a memory card in an unprotected form, a list of installed programs used by a mobile operator) and even send this information to hackers over the Internet.
The use of unofficial or third-party firmware can also pose a threat. There are several reasons for concern here. Firstly, malicious programs can be embedded in such firmware from the very beginning. Second, when an application is digitally signed with a system image, it receives the same rights as the system itself in which it operates. Under the Android Open Source Project (AOSP), signatures for images are private, so this scenario is possible, for example, if the corresponding signature is stolen. A similar method of infection was used, in particular, by the Android.SmsHider malware, which could unnoticed by users using certain third-party firmware, install the Trojan apk it contained.
System applications, both standard and those from Android device vendors, are also vulnerable to vulnerabilities. For example, some vulnerabilities in the WebKit browser allow potential malware to execute arbitrary JavaScript and gain access to protected browser data.
If application software developers do not pay sufficient attention to security when working with user data, this data can be compromised. Registration data stored in an unprotected form, passwords from bank cards and other confidential information can be attacked. If, during the operation of the application, the same data is transmitted over the network directly in unencrypted form, then they are also potentially vulnerable to compromise from attackers. One of the notable precedents for such a problem was the situation with the Skype application, when user data, including profile information, contacts and chat history, was stored unencrypted and, if desired, could be easily obtained by attackers.
Openness
The openness of the Android system lies in several factors. First, it is the availability of code that can be used, modified and improved by developers depending on their needs and ideas. On the one hand, this is a definite plus for device manufacturers and developers, on the other hand, it enables not only researchers, but also attackers to find vulnerabilities and errors more productively.
Secondly, it is possible to install applications both from the official Google Play application catalog (formerly called Android Market), and from any other available source.
Thirdly, the creation of applications is practically generally available, since you need to pay only $ 25 if the developer wants to place his products in the official catalog, and no material costs are needed to distribute programs outside of it.
Fourthly, programs hosted on Google Play have not been pre-screened or tested by Google until recently. More recently, the Bouncer system was announced, which should check applications placed in the Play directory for malicious functions; developer accounts will also be verified. Undoubtedly, this should increase security to some extent, but it still does not solve the problem, since malware creators can use various tricks to successfully bypass the Bouncer system.
Platform fragmentation
Due to the fact that the Android system is used by a large number of manufacturers of mobile devices, and at the same time there is no specific framework for their technical characteristics, devices with a wide variety of functionality are available to consumers. As the next system update is released, not only new functions are added to it, but previously discovered vulnerabilities are also closed. Manufacturers, at their discretion, release the corresponding update versions. Sometimes it happens that a device that has recently been a flagship does not receive a new version of the OS or software and, accordingly, remains unprotected from potential threats. The reason for this can be both economic considerations (adaptation of the update will require too large financial investments, or the manufacturer simply wants to make money on the sale of new devices),
Human factor
Whatever the level of system security, the human factor plays an important role in ensuring security. One example is the social engineering used by cybercriminals, such as the previously mentioned method of distributing malicious programs through in-app advertising with attention-grabbing phrases ("An urgent system update is required", "Your browser version is outdated", "Install Skype update immediately", etc.). The same can be said about malicious programs spread through SMS spam (this is how, for example, the Android.Crusewind backdoor was spread).
Another element of social engineering is playing on many people's desire for something free ("New version of Need for Speed", "Update Asphalt for free!"), as well as the use of "adult" themes ("Supergirls, download here!", "Collection of photos of a naked beauty", etc.).
In addition, attentiveness on the part of the users themselves is also important. Very often, cybercriminals fake well-known sites, imitating their design and structure or trying to create an exact copy. At first glance, such a site may look exactly like the real one, but on closer examination you will notice a catch. For example, the address bar will show an address that is completely different from the original or is slightly distorted (for example, vkontlakte.com, vkontakne.b1.ru, androldmarket.com), or some familiar element will not work, or something familiar will be missing altogether.
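A mechanical version of the address check described above, as an added example that is not part of the original article: it compares each label of a hostname with a watch-list of imitated names by edit distance. The watch-list (BRANDS) and the allow-list of official hosts (OFFICIAL) are assumptions chosen to fit the article's sample addresses.

```python
# Added example (not from the original article). BRANDS and OFFICIAL are
# assumptions chosen to match the article's sample addresses.
BRANDS = ("vkontakte", "androidmarket")   # names that attackers imitate
OFFICIAL = ("vkontakte.ru", "vk.com")     # assumed allow-list of real hosts


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_official(host):
    """True if host is an allow-listed domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)


def classify(host):
    """Return ('trusted' | 'lookalike' | 'unknown', matched brand or None)."""
    host = host.strip().lower().rstrip(".")
    if is_official(host):
        return "trusted", None
    for label in host.split("."):
        for brand in BRANDS:
            limit = 2 if len(brand) >= 8 else 1  # allow more edits on long names
            if edit_distance(label, brand) <= limit:
                # Equal or close to a brand name, on a host we do not trust.
                return "lookalike", brand
    return "unknown", None


# The three spoofed addresses quoted in the article, plus two constructed controls.
SAMPLES = ["vkontlakte.com", "vkontakne.b1.ru", "androldmarket.com",
           "m.vkontakte.ru", "example.org"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, classify(h))
```

An exact brand name used as a label on an untrusted host (distance 0) is flagged as well, which covers addresses that embed the real name as a subdomain of an unrelated domain.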
Applications can also be tampered with, and an inattentive user is more likely to share his personal data with attackers (login and password from a social network, credit card information, etc.). There can be many options.
Conclusions
So, we have considered the most common threats that users of devices running the Android operating system may face. Now we can summarize and draw some conclusions.
One of the main security concerns when working with the Android OS is, first of all, the human factor. No matter how secure the operating system is, carelessness, inattention, self-confidence and simple ignorance will sooner or later endanger the owner of a smart device. For example, users who are confident that they are safe tend to ignore security tools such as anti-virus programs. When cybercriminals use tempting offers, for example, free downloads of paid applications and games, they exploit people's desire to gain something at no cost to themselves. When a well-known site, game or application is forged, and the user is inexperienced, he may not even realize that he is exposed to any risk,
The next important problem is indirectly related to the first and concerns software vulnerabilities in both the operating system itself and the application software. Android is built by people who, by their very nature, can make mistakes. These mistakes may never be noticed, or they may surface at the most inopportune moment. Cybercriminals pick up a detected error in the code if it will bring them some benefit. Thus, users face, for example, malware that uses root exploits to elevate privileges on the system. Most of these exploits were originally conceived to help more experienced users, but quickly migrated to the arsenal of cybercriminals.
Despite the efforts made by Android developers to ensure maximum system and user security, there are ways to bypass security barriers. In addition to root exploits, one example is signing malicious applications with the security certificate of a third-party firmware, which allows such programs to work with system rights on the corresponding OS image. The permission system is also imperfect. The previously described case of an application that requires no permissions at all for its operation is another example of the fact that errors are made and any protection can be bypassed.
If application developers do not pay enough attention to security, this can affect the level of protection. The Skype case confirmed this. Similar flaws can be found in other applications, which is by no means good news for users.
Despite the positive aspects of the platform's openness policy adopted by Google, there are also negative aspects. First, it increases the likelihood of discovering vulnerabilities that could be exploited by attackers. Second, a very liberal attitude towards the process of creating applications and the wide possibilities for their installation by end users is also exploited by enterprising cybercriminals. Google's introduction of the Bouncer system is a step towards increasing security without major changes in the open policy of the Android ecosystem, but it may not be the solution to all problems.
The next major disadvantage of the Android OS is its fragmentation. The existence of a large number of device manufacturers and different versions of the system creates certain difficulties, since users cannot always receive the necessary update, which significantly affects security. The push by some manufacturers to release new models as often as possible may even force some consumers to stop using Android devices altogether. This may be due both to the fact that they cannot receive the desired system update, and to the fact that after the release of new models the characteristics of their devices quickly become outdated and no longer meet user requirements.
And, of course, malware is a danger. Using the above-mentioned features of Android, the attackers quickly adapted to the new structure of the mobile device market and began to master every scheme that is possible and most profitable for them. In their dark deeds, they use SMS Trojans to make quick and easy profits; Trojans that steal confidential user data also allow them to earn money, for example, by reselling e-mail information, logins and passwords from various social networks and other services that are beneficial to them. Social engineering also contributes significantly to their prosperity.
Don't forget about the commercial spyware manufacturers who sell their solutions for decent sums. At first glance, the prices may seem very high, but the benefits that potential customers can get can be many times higher.
What's in the future?
We can say with a certain degree of confidence that in the near future, the owners of Android devices will continue to be threatened by malware, especially SMS Trojans. Spy Trojans and hijacker Trojans that collect confidential information will also not be left out. In the future, malicious programs that combine various functions, including those using root exploits, will also appear. There are also cases of exploitation of discovered vulnerabilities in popular applications.
The organization of large botnets capable of carrying out attacks on Internet resources or sending out mass spam cannot be ruled out. There may be an increase in malware infections among users of third-party and unofficial firmware. Such attacks can also be local and targeted, with attackers selecting the firmware versions that interest them most.
Blocker Trojans and ransomware, already familiar to Windows users, are likely to appear. Attacks by such malicious programs can be widespread, for example, among owners of rooted devices, but it is also quite possible that these Trojans will themselves perform the actions needed to elevate privileges in the system or entice the user to do so using social engineering techniques.
In addition to the "classic" spyware Trojans, so-called analytical applications like Carrier IQ cannot be ruled out either. Such programs can be used by device manufacturers and telecom operators to collect statistical and analytical information; however, as the Carrier IQ case has shown, the information collected can be excessive and directly threaten user privacy. Manufacturers should, at a minimum, inform consumers about the presence of such applications and how they work. However, there may be cases when the manufacturers themselves do not fully know how far the information collected meets the security requirements.
One way or another, social engineering will remain one of the main attack vectors. At the same time, the attentiveness and caution of users should play an important role in ensuring safety. An appropriate level of security must come from both the mobile device manufacturers and the application software vendors. They need to release system and application updates as soon as possible as vulnerabilities are discovered. It is also necessary to ensure the proper level of confidentiality of users and the protection of their personal information.
Improvements are still possible in the direction of hardening Android. For example, the existing permission system can be extended by adding a further degree of control over applications. At present, users can see which functions a particular application can use only during installation and when opening the corresponding information in the system menu of the device. If, however, a system is introduced that shows when a program needs to perform a particular action, and also allows the user to decide which capabilities to grant to the program, this can increase the level of security.
Thank you for your attention!