Well yesterday I was talking to a systems engineer and she tells me that she attended a meeting about the Computer Security, since employees have to know how to protect their data and that of the company.
Turns out they talked about the phones Android and it turns out that they are not as safe as they appear. According to what she told me, they discovered people who were selling cell phones Android Hacked by themselves and in this way they obtained the data of their buyers and thus they earned a lot of money, since the bank accounts of their victims were known.
I also started researching malware afterwards and it seems that malware on Android is a very real thing And that is growing more and more, since hacking an Android phone is something very easy if the user does not take the necessary measures.
Many would argue that being based on Linux is more secure, but it is only based on the Linux kernel, it is a completely different operating system than GNU / Linux, and therefore handles its own software and its own security updates, among other things, which must be taken into account.
As far as I know there are four ways for malware to affect your Android:
- That the phone comes hacked "from the factory"
- That you got a virus
- That the cooked Rom you installed is hacked
- That you download some malicious application
Getting a Virus out of your Android
Having malware on Android is more likely than it seems, in fact the reality is that there is a growing amount of malware (viruses, Trojans, rootkits) for Android. However, the risk can be drastically reduced if certain security measures are followed:
- Using a secure browser, for example Firefox is the most secure browser on the market today
- Do not download files whose origin is in doubt. This is the most important measure out there, since there is a lot of malware on the internet hidden in ads, emails, browser extensions, among other things, do not trust anything that seems suspicious
- Have an active firewall. A very important measure, since it monitors and blocks, if necessary, the IP connections with the internet.
- Optionally, they can have an antivirus activated to improve system security. I only recommend this if you are very careless when surfing the Internet or have your phone rooted, since otherwise it is very difficult to get infected. When browsing the Internet, you have to be especially careful with spam and also with drive-by downloads, since they could affect your system, but they can only affect your system if you are not attentive. For example, if a file is downloaded automatically without your consent or it asks you to download a new extension for the browser, don't do it, it is surely malware, but with the antivirus activated it could get blocked.
If you don't know what a drive-by download is, here is explained
That the cooked rom you installed is hacked
This is rather a warning to use caution and judgment if you are going to install a different Rom from the original, that is, a cooked one. I'm not saying they are all hacked, but don't trust them.
That you download some malicious application
This is a slightly more controversial subject. When it comes to third-party software it is more than obvious that you have to be careful with what you install, since it could be infected, I mean the apk. The issue is when it comes to whether Google Play is safe, as you know the Google Play software is not made exclusively by Google, but external developers also participate, which, in fact, I support, since it is a way to promote software development for individuals and not just companies.
But, what seems an advantage could also be a disadvantage, since Google does not manage to test all the apps in the Play Store.
It is best not to install apps of dubious reputation and edit the permissions of the applications so that they do not have access to things that are not necessary. For example, if Angry Birds has access to the camera, it is better to disable it, take special care with apps that have internet access.
Security measures
Apart from the above, other things that must be taken into account and are essential for the security of the phone:
- Do not root the cell phone
- Apply security updates
If you are going to root the phone, be very careful because it can be very dangerous. Although, it can allow you to modify the cell phone to your liking, it can have serious consequences because what you are doing is giving administrator privileges to your user, with which not only you have access to the entire system, but also any application (or virus ), which is very dangerous. It is highly recommended that you do not do it, unless you are really careful and follow what I say in this post to the letter, then you will be safe
This guide is very good, although it is in English: https://media.blackhat.com/bh-ad-11/Oi/bh-ad-11-Oi-Android_Rootkit-WP.pdf
Updates are also important, as what they do is patch loopholes in phone security. So whenever the phone prompts you, update the system.
Fonts
Here are some sources that helped me and that make a more exhaustive analysis:
- http://www.sophos.com/es-es/security-news-trends/security-trends/malware-goes-mobile/smartphone-as-emerging-threat-vector.aspx
- http://www.protecciononline.com/poca-seguridad-de-los-celulares-con-android/
- http://mashable.com/2013/08/01/how-hackers-turn-your-android-into-a-spyphone/
And here are some news and posts that also talk about this, although some have slightly less precise information:
- http://www.informationweek.com/mobile/google-dont-fear-android-malware/d/d-id/1111863?
- http://antivirus.about.com/od/wirelessthreats/a/Is-Google-Play-Safe.htm
- http://www.techrepublic.com/blog/google-in-the-enterprise/malware-in-the-google-play-store-enemy-inside-the-gates/
- http://www.clarin.com/internet/Alerta-virus-peligrosos-celulares-Android_0_981502081.html
- http://www.taringa.net/posts/info/11781844/Android-Virus-en-el-90.html
90% or more of the software on android is freeware or shareware, so it's useless to have ad-free apps, which is another way bugs sneak in.
Yes, it is a theme. I got them access to some things in the applications, but if you do it they may not work, and if they don't work that's why I won't even install them
CyanogenMod (or Replicant) with F-Droid are more secure than a factory Stock ROM from a Samsung Galaxy.
It is proven that there is nothing that cannot be violated
Regards!
I do not agree with some of the statements in the post, although I will not refute them all. I will comment on one in a timely manner:
"Do not root the cell phone":
1. This is to cut off the idiosyncrasy on which the free software community is based, that is, only using the versions of Android that come ready to use by phone manufacturers is going against those principles. many ROM's to be able to use is beneficial for all, of course, the same community will be in charge of saying which ones are safe and the best. I do not agree, it is as if we were to say: "Let's only use X GNU / Linux distribution and don't use the others (less known forks) because who knows who develops them and it is dangerous".
2. From the point of view of security (which is what the post is about) it is not true either, I give you my personal case: I own a Sony Xperia P, which with all the factory updates was in version 4.1.2 Android and will not receive any updates from Sony [1] [2]. Now, version 4.1.2 (or lower) of Android has a very serious security flaw [3] and the manufacturer (in this case Sony) leaves me exposed to it. The logical solution in my case is to root my smartphone, as well as for people who do not receive factory updates and have been on Android 4.1.2 or lower.
It is important to understand that the idea of "not rooting the smartphone is safer" is totally false.
Regards!!!
[1] http://www.elandroidelibre.com/2014/02/12-telefonos-sony-xperia-dejaran-de-recibir-actualizaciones.html
[2] http://es.engadget.com/2014/02/05/no-habra-actualizaciones-parasony-xperia-s-p-j/
[3] https://www.youtube.com/watch?v=5-bNigiMrUw Video of the great DarkOperator
Hello, you are a little touchy I think.
I am not cutting anything, I am saying to be careful with which ROM you install, especially if you are newbies. And it is always possible to distribute copies of Android with Malware, of GNU / Linux possibly as well, but Android is much more widely used and is used by anyone.
Yes, I suppose that in your case it is fine to root the cell phone, but that warning is more than anything for people who do not know how to take care of their phone. I did not say that not rooting it is safer in itself, but it is because the biggest security hole is the user himself, so "totally" false I do not think it is.
regards
Now that I see it, it seems that I insist too much not to root it, although I say that if they do things right they will be safe. The thing is that if you had talked to the people I spoke to, you would have put it that way too, there were a couple who said that Android malware could not enter you and they gloated over it, as if they thought they were clear when they really had no idea .
Hello,
Exactly, at the end of the post there was the idea that with not rooting it there would be no problem, that's why it was my case. This topic is never ending and will always be relative. Although I understand that the post is aimed at non-technical people and in general they can be good advice for them, but unfortunately there is no secret formula to avoid getting malware. The only thing is to have common sense when using our devices, but it seems that common sense is the least common of the senses for layer 8 XD. And there I include myself, several times I have seen myself clicking on a Twitter link for some curious news and only after opening it I think that I should not have done it. If someone who knows the dangers sometimes lowers his defenses, what can we ask non-technical users?
The outlook is sad.
PS: I was not susceptible 😛 You should not read my previous comment as if I was saying it in an offensive way 😀 Greetings !!!
I almost told you to flash it with replicant, but I see that you use a Sony, better put CyanogenMod with F-Droid (in case you are ready to do without Google Play apps, of course).
I have had to root my Galaxy Mini because the Stock ROM is insufferable and the baseband did not allow me to work with CM 10.1.6.
Perhaps it would have been more correct in the article to say "Don't root it if you don't know what you're doing or if you won't do anything to the phone." I know people who only have it rooted because they told them it was good: P.
very good info, the contribution is very much appreciated !!!
"Using a secure browser, for example Firefox is the most secure browser on the market today"
Based on what data? How do I trust and verify which browser is safe or the safest at any given time?
The rest I like the information, it is very useful to know the measures to protect ourselves and be safe on Android.
But it will be very boring for Windows that do not install spyware on their Samsung or other crap with Android, they will not slow down and they will be efficient and that will leave them puzzled, sad and with nothing to do nor will they be searching Google for how to remove the crap that They installed when in some idiot game the ad "Your WhatsApp needs to be updated, click here" appeared and they bit him as autistic. Don't take away their fun.
What I want most is to install Firefox OS on my Samsung Galaxy Mini.
The difference between a Windowslerdo and an Androidiota is nullified when an antivirus is installed on Android. It's like slapping a mad and angry guard dog.
I am flashing cell phones with CyanogenMod and so far, I have not even a sign of a virus. In case I want to see something that is wrong, I go to the terminal emulator, I end the background task that interferes with performance and the issue is solved.
Also, Android doesn't seem that complicated to give you a good optimized on Stock ROM.
Good data, those ROMS look good, for my part I am going to keep the stock one.
The tools to root the phone usually come with a couple of applications: the first, to activate and / or deactivate the "root" (in addition, a pop-up window appears in case an application asks to use root, which you can allow or deny said permission), and the other, the one that verifies that "root" is precisely activated.
Normally, these tools are simple and straightforward, but the problem resides in the user, who is allowing as many applications as root requests without looking at what he does precisely (and that is the problem of the Internet Explorer user dilemma, which comes highly from the warning of pop-up windows and bars).
I don't know I always have my phone rooted, and I have never had problems of any kind, at home I use Linux and neither have any problems, of course there are people with very bad luck and viruses are always found.
Ah yes, if you do things right, then there are no problems with rooting, but there are some that do anything.
Anyway, I think I was wrong and that apps have access at all times, it doesn't matter if you are root or not, at least in other operating systems it is like that.
So, in short, if you more or less do things right and you are not a newbie with these things, then there is no danger in rooting.
On iOS, managing permissions is simple, but the problem is getting into the bowels of said OS (on Android this work is quite simple, so you can use a terminal emulator and you can do some magic with said Android device).
Ah well, I already grasped how it is. When you install an application, the application does not necessarily have root access, but there are some that do and in order to install them you probably need to be root.
Now, since I am not root, I am not sure if that is not a little dangerous, since it could be that when installing an application it has access to root and you do not know it, does Android tell you that you are giving it permissions to access important parts of the system or not?
On rooted Android devices, the Root permission manager such as Superuser or SuperSU immediately detects the applications in which they require this permission or not (thanks to the update rate that these ROOT permission managers carry, this problem of an exploit of Root permissions rarely happens).
Another point to take into account is that many times the antivirus are the ones that, for the most part, make use of the exploit of some applications that manage Root permissions, which are usually violated (as is the case with NOD32).
Hi. A query. Which application would you recommend to me to manage the privileges of the applications, that is, the one that they create more efficient. I used to do it with the antivirus, but now I want to do without it.
As for rooting, I have not done it because of the updates issue, and because I am already a bit paranoid since I first came to the blog, and read Mr. KZKG & Gaara 🙂
lol… having to install a firewall and antivirus…? no thanks ... android is slow, the last thing I want to do is make it slower.
and finally I would like to highlight how android became a breeding ground for malware (worse than windows)
And that's why I want to port Firefox OS to ARM V6 for my Samsung Galaxy Mini (I'm getting tired of changing the baseband of my cell phone so that CM 10.1.x works correctly).
Very good information without a doubt, although I have some mixed points of view:
1.- Don't root. The measure seems "silly" to me, because the truth is that many do not know how to use root correctly, they think that by doing it magically their smartphone will work like a charm and they will be able to make it run even Windows Phone if they want to…. ERROR!!!. The root error in Android, is not in the root, if not in the user, as long as it is used well there is no problem, even in stock ROMs and as @pablox commented, root is often the output of bass errors that will never be corrected in Stock ROMs by manufacturers, who should support these devices for at least two versions of Android.
2.- Use an antivirus. This measure seems unnecessary to me and gives more problems than those it "solves". Come on, most people who come from Windows know that no matter how much antivirus their system has, that does not protect them from viruses, the proof is in the many Windows machines that come to repair and everything because a virus was dedicated to doing and undo in the system (I have seen Windows 7 with three different antivirus and ... they have viruses). I myself have seen viruses that are in Windows and they are not detected by the antivirus (testing a worm with AVG Internet Security, Trend Mcro Titanium, Avast Internet Security and Karspesky) until almost three weeks after I had the virus in my possession thanks to a little machine. Needless to say, the thing that sneaks into Android devices the most is Adware, and antiviruses suck by taking action against these types of threats.
In case 1, the thing is self-explanatory. But in case 2, you can take other security measures, for example a hosts file editor, a security system such as SELinux, a fire wall with advanced filtering rules, and above all, be aware that install and where what we install comes from, be sure that the application is safe, and do not install it the first thing we see and say: «The Lottery has been won, press accept to claim your prize».
regards
Hello is exactly what I say, except for the antivirus. You can do without it, in fact I don't have antivirus on any system and I don't have viruses, but they block something or other, and that works for some, it's still optional, I said.
regards
I have a great Samsung neo, could you suggest that I install it to protect it, that fire screen and that so that I delete cookies and advertisements ... I have already happened some times that applications update themselves !! And now I have a danger mje from findforfun ...
Downloading music from Tubemp3 is risky?
Thank you
For the moment, Opera Mini is very light, safe and does not enter adware at all (because it does not open the banners with adware). Also, thanks to this browser, I completely dispense with Tapatalk (well, but I would have liked it not to have a version with Google adware.
Well, I do have it rooted, and no virus in sight, until now.
What I have done is not log in with my Google account, because the Play Services eats a lot of memory and RAM resources from my cell phone, instead I have installed F-Droid and APK downloader, with those I manage. And to avoid advertising I have Adaway installed and end!
In addition to the Clean Master to clean the cache and make backups with this same application (I don't like Titanium very much).
I have the TouchPal X keyboard that solves the smallness of the screen and the Tube Mate to download YouTube videos. Well so far I have lived virus free 🙂
Well, I'm new to android, the post is appreciated (y)
I am flashing cell phones with CyanogenMod and so far, I have not even a sign of a virus. In case I want to see something that is wrong, I go to the terminal emulator, I end the background task that interferes with performance and the issue is solved.
From a security point of view (which is what the post is about) it is not true either, I give you my personal case: I own a Sony Xperia P, which with all the factory updates was in version 4.1.2 of Android and you will not receive any updates from Sony [1] [2]. Now, version 4.1.2 (or lower) of Android has a very serious security flaw [3] and the manufacturer (in this case Sony) leaves me exposed to it. The logical solution in my case is to root my smartphone, as well as for people who do not receive factory updates and have been on Android 4.1.2 or lower.
You copied the comment to the one above and you didn't even see my answer
HELP I want a smartphone with LINUX operating system because Android has me a lot it flashes AND A LOT of VIRUSES I don't like someone can help me please I'll change my smartphone in a short time help
Hello, in any case it would be a phone with the Gnu / Linux operating system, because Android also uses the linux kernel. The closest thing there is is the ubuntu phone, but it still hasn't come out, although maybe you can try flashing your cell phone to put Ubuntu on it http://www.ubuntu.com/phone
Hi guys, I recommend an antivirus that is responsible for eliminating all the malware that the cell phone contains and also protects you from the access of others, it is Psafe, it is very good, it is worth using it. I hope my contribution will serve you. Regards.
Well, to optimize your computer it is easy ... you are looking for an antivirus that has the function of cleaning obsolete files, deleting other photos that you have and do not use and doing a temporary scan ... the net guys that until now I stay with PSafe, because it does everything what I just described!
It is more than proven that those actions that they say do nothing but do.
An antivirus in Android does not protect you from anything, as it happens in Windows, what can be violated will be violated, even if you keep 10 antivirus running on your Android, and cleaning temporary every 2 by 3.
My monkey test cell phone is already damaged.
Hi, I have a lg L5ll eh I wanted to know if someone can give me a solution because when I go to facebook the application closes alone and I get a carter to force.
Thanks to stupid Android I can't use my cell phone for a year: first, it's full of applications that I DON'T WANT (I was addicted to networks, I got over it and I'm not interested in twitter, or fb or any of those) and I CANNOT DELETE ; then, those same applications saturated my memory without me opening them even once and on top of that they CONSTANTLY extract data from my cell phone; And the icing on the cake: I ALWAYS downloaded applications from Google Play, I looked at the comments and reputation, I did not go downloading things that looked suspicious, I never opened links from my cell phone, in fact, I hardly even entered the internet ... and a day it occurred to me that I needed to see a photo or something like that and I downloaded the most innocent of applications. Result: three Chinese applications with ALL permissions and impossible to remove. In the same tablet, I downloaded an application to take notes and zaz! STUPID ANDROID !!!!!!! As soon as I can root it, I install linux and TO THE DEVIL WITH ANDROID !!! I already did it with Windows, and the results are great. I don't know much about computing, but the web is full of MOOC tutorials and courses, so it's a matter of time before I know more 🙂
Today there are many effective cell phone antivirus, but without a doubt, the best protection is good common sense.
I have tried some accounts and I prefer the Psafe app, I recommend it 100%.