• I want to thank all the members that have upgraded your accounts. I truly appreciate your support of the site monetarily. Supporting the site keeps this site up and running as a lot of work daily goes on behind the scenes. Click to Support Signs101 ...

Android security flaw uncovered

Fred Weiss

Merchant Member
The security of devices used in the office should be a top priority for business owners and managers. It is easy to think that a fully functioning device like a mobile phone is secure, and most of the time it is. The thing to be aware of however, is that there are always hackers looking for security flaws in these products. The latest flaw highlighted happens to be on the Android system.

In early July, mobile security company Bluebox announced that they had discovered a large security flaw in the Android system. The threat centers around a trojan application that can gain access to application data including email addresses, SMS messages, etc, and can get service and account passwords. In other words, it can take over your whole phone.

The way this so-called trojan infects mobile devices is through an app. Hackers have figured out how to tinker with the application's code, and implement the malware without changing the cryptographic features that are used by Google Play and other online stores to validate and identify apps.

What this means is that the changed app looks legitimate to Google, developers, our phones and us, but it really has malicious code embedded in it, code that could give a hacker full access to your phone. The good news about this is that it can be easily fixed with an update. The bad news about this is that it is up to device manufacturers to actually release the fix. This is because most Android device manufacturers basically own their own version of Android and need to push the update to owners - Google can't do this. Beyond that, it is up to the device owner to actually update their phone when the fix is released.

If this sounds a little worrying, it should be, especially since this affects every device except for the recently released Samsung S4 Touchwiz. There are things you can do however to minimize the chances of your device being infected by this bug.


  1. Don't allow your device to install apps from unknown sources - Think of Android apps as coming from two systems: Google Play and not Google Play. Any app that comes from not Google Play (e.g., Amazon app store or various stores not owned by Google) can technically be installed onto your device, as long as you have allowed apps from unknown sources. If you haven't enabled this on your device, you should be safe. If you have, you should disable this immediately by going to your device's Settings followed by Security and ensuring Unknown sources is NOT ticked.
  2. Only download apps from the Google Play store - Unlike other mobile platforms, you can download and install apps from almost any location on Android phones. While this may seem like a good idea, many of these external marketplaces don't validate apps, so this is where you will find most of the apps with malware. Google Play does validate apps and will remove malicious ones if found, so play it safe and only download apps from the store.
  3. Always verify the publisher - Malware does still make it onto Google Play, so you should also look at the publisher of the app. When looking at an individual app, scroll down to the Developer section. There you will usually see a webpage, email address and security/privacy policy. Pay close attention to the name, email address and do a Google search for the developer. If you notice that they use a different email address on the site, or a spelling mistake, you should probably avoid the app.
  4. Look at the app download statistics - Finally, if you are still unsure, you should look for the app on your browser. Just navigate to the Google Play website and search for the app. When you find it, click on it and look at the right-side of the window. You should see ABOUT THIS APP with lots of information below. Pay close attention to the Installs graph. If it is an app from a big-name developer e.g., Google, there should be a high number of installs. If it is say a Google App and the number of installs is low (under 1,000) it would be a good idea to avoid it.
  5. Keep your device updated - If you get a notification to update your device, you should do so immediately, this will ensure that you have the latest bug fixes and could also introduce new, useful features.

If you are careful about what apps you install and take steps to ensure that you only install apps from the Play store, your device should be relatively safe. Google has announced that they have patched their cryptographic features on Google Play, so any new apps going onto Play should be safe from this particular exploit. There is a good chance that they will also correct this issue in a future update to the Android OS (likely 4.3), but older devices may be left out of the loop. So, as we have already told you a few times: Don't install apps from outside of Google Play, and be sure to follow the tips we talked about above.
 

rjssigns

Active Member
Maybe if they caught a couple of the hackers and put them in prison for 10 or 50 years that would help.
 

ddarlak

Go Bills!
I was just telling someone yesterday I think my phone has a virus or something, it has been acting very strange lately.

I knew it was only time before phones started getting whacked.
 

GWSigns

New Member
Maybe if they caught a couple of the hackers and put them in prison for 10 or 50 years that would help.

Good thought, except that - they can still have access if they want

http://www.newson6.com/story/22820087/oklahoma-inmate-updates-facebook-page-from-within-prison

http://www.brenthorstlaw.com/Media-...nessee-Prisons-Points-to-Larger-Problem.shtml

http://www.wsmv.com/story/22092401/...s-at-14-prisons-after-channel-4-i-team-report

This has been big news recently here in TN
 

choucove

New Member
It's good to post up information on this. A lot of people don't really think of the vulnerabilities of their phones, but they are a computer like anything else with vulnerabilities and are capable of getting viruses. I highly recommend Android users downloading the free Lookout Mobile antivirus security program. It also has backup features to cloud backup texts, pictures, etc. if you want, so that in the event you lose your phone or it is destroyed, you can still get all your information back. There is also a location service, so that you can go online and view exactly where your phone is located in the event that you misplace it or it is stolen.
 
Top