The recent announcement that Google would no longer be supplying security updates for legacy Android users has caused consternation among fans of the search engine giant’s smartphone operating system. With more than 930 million Android mobiles being affected, the decision highlights a growing concern over smartphone and tablet security. These days, people rely on their smartphones for more than just calling and texting. With the rising popularity of the so-called ‘phablet’, people are using their mobile handsets for everything from surfing the web to collaborating on business documents. Now, more than ever, data security and personal privacy are the chief concerns for savvy smartphone owners. So it comes as unwelcome news that many of Android’s most popular apps are failing basic security reviews, putting Android users’ data and privacy at risk.
Deja Vu for Android
This isn’t the first time that Google’s Android has come under fire for potentially hazardous apps. Earlier this year, Prague-based security firm Avast discovered that a selection of gaming apps available directly from Google Play were infected with malware. The security issues in that case mostly centered on certain gaming apps that, when purchased and downloaded onto the user’s smartphone, infected the operating system with adware and malware. Typically, the malware would hibernate for weeks before going into action. Users would have no indication that their mobile was infected until they began to be plagued by adverts warning them of security issues with their phone. The user would then be redirected to a third-party app that promised to solve the imaginary problem, ultimately installing spyware that would harvest the user’s data and personal information.
Google has attempted to downplay the reports, assuring users that the problem is not widespread and only affects a small percentage of Google Play customers. However, more recent reports of malware hidden in some of the more basic Android apps suggest the problem may be more widespread.
Latest Batch of Vulnerable Apps
The latest batch of vulnerable Android apps is perhaps more disturbing than previous groups. The suspicious apps discovered by Avast were mostly gaming apps developed by third parties and submitted for distribution by Google Play. However, the latest batch of at-risk apps is better known, and makes up some of the most popular apps downloaded and used by Android owners. They include Instagram, Grindr, HeyWire, TextPlus, and OkCupid, to name just a few. Other popular apps are also said to pose serious security risks for users.
The issue with these apps appears to lie in their failure to successfully encrypt user data. The University of New Haven’s Cyber Forensics Research and Education Group found that Facebook’s Instagram application allowed its users’ uploaded images to remain unencrypted and accessible without any form of authentication. These same encryption and storage issues were also found in other popular apps like Grindr, MessageMe, and Tango.
Allowing this data to remain stored without any form of encryption and accessible without any form of authentication makes it easy pickings for potential hackers. Further problems were discovered with many of the same apps’ SSL/TLS security protocols, putting any unencrypted data at additional risk from so-called ‘man in the middle’ Wi-Fi hacks. The research group has reached out to the developers of the vulnerable apps, but so far has seen little response. It would seem, at least for the foreseeable future, that these apps will remain a significant risk factor for Android users.
Google’s Android continues to come under fire for potentially vulnerable apps. One can only hope that Google is currently working to address the situation, and will put a new emphasis on its customers’ security. In the meantime, users should beware of downloading suspicious apps, and should be hypervigilant about protecting files stored on their phones.