Since the introduction and rise of the mobile phone, we have come to depend on our cellphones for literally everything. From calls, texts, playing music, sending and receiving emails, taking photos, and so much more. Gone are the days when you had to log into a computer to browse the internet. The cell phone has made amazing leaps and bounds.
Unfortunately, as with every good thing, there is always a hitch. The mobile hitch happens to be borne of mobile security threats, which have been on the rise. Back in 2014, Kaspersky unearthed nearly 3.5 million malware threats on over 1 million devices. By the year 2017, Kaspersky’s technologies detected over 260,000 malware threats in a day, most of them targeting mobile devices. Some of the cyber risks target Android OS more than Apple iOS. Some of the glaring differences between the two operating systems include:
- Source code
IOS is a closed OS and Apple has never released the source code to developers. An iPad or iPhone owner cannot modify the device codes, which makes it very difficult for a hacker to find a weakness on an iOS device.
Android, on the other hand, relies on open source code, which means an Android device owner can easily modify their device’s operating system. Too many modifications to the OS create vulnerabilities in the security of the devices, making it easier to hack. If a phone manufacturer rolls out a new device with modifications to the OS, and there is a weakness in the code, hackers will easily find it.
The iOS system runs only on Apple products, but the Android OS runs on devices from various manufacturing companies. Some of these companies may provide better security than others can. The device manufacturer may opt to use a base operating system or a customized ROM, which has irremovable software.
Cyber risks faced by Android users
The Android OS faces some cyber threats that the Apple OS does not, which include:
1. Security Updates
Over 1 billion Android devices risk falling prey to hacking since they no longer receive security updates. This vulnerability leaves billions of users in the world facing ransomware, data thefts, and other types of cyber threats. Any person using Android phone manufacture in or before 2012 should be particularly worried.
Google’s data shows that 42.1% of Android users globally are either using an OS version 6.0 or below. In 2019, no security patches were issued for the Android system for the versions below OS 7.0. In short, two out of five Android users globally were not receiving any security updates.
Which? tested five types of Android phones and had them successfully infected with malware, and managed to infect some phones with multiple types of malware. Android phones, some of them very costly, end up having a very short shelf life, then end up with no security support, leaving their users at risk of being hacked.
Google and other phone manufacturers need to be more upfront concerning security updates, giving clear information on how long the updates will last, and what users ought to do when the updates become obsolete.
2. Malware via rogue applications
The Android OS is very popular with billions of people around the world. This popularity means that developers are always building new apps specifically designed to run on the Android OS. This is not a bad thing, but the problem comes in when hackers build apps designed to infect your devices. Google app has an app review process before they vet an app, but the unfortunate bit is that the process is not as stringent as the vetting process in Apple’s App Store.
This makes it much easier for malicious apps to make their way past security into the Google Play Store, and much easier for a user to install the rogue app without realizing it is not legit. One major problem is that Android users can enable their devices to install software from unknown sources. This means an Android user can install software from other sources, aka APK, which users can download and install from other websites, by completely bypassing the reviews from Google Play Store.
Spyware is very common in Android devices, with millions of spyware running rampant on the internet every day. Most of the time, the user inadvertently installs spyware, which tracks the user’s online activities, decrypts passwords and usernames, and records patterns. While spyware and anti-virus software does a stellar job of detecting and deleting the offensive software, they may not do the job 100% effectively. Hackers have become cleverer and use more advanced methods to bypass this software and get to the core of your Android device.
Mobile device spyware is a mobile app that, when installed on a user’s phone, monitors and secretly obtains data from the user’s phone. It records everything, from text messages, phone calls, and other details. All recorded information is relayed to the app’s server and runs quietly and undetectable in the user’s device background.
As mentioned before, Android allows the installation of apps from unknown sources, and this feature is the major downside, as this allows the spyware to install on an Android device.
Cyber risks that affect both Android and iOS
iOS is touted to be very secure from hacking attacks. While this is true, some attacks are not specific to any operating system and can attack either system and cause as much damage. These include:
1. Man in the Middle Attacks (MitM)
Man in the Middle attacks do not target any particular operating system and can attack Android or iPhone users. Using public Wi-Fi comes with many risks, and especially positions you for a man-in-the-middle attack. The man-in-the-middle attacks are often found on unsecured public Wi-Fi and capture your data as you send it from your mobile device to a website or another device. A cyber-criminal might intercept your text messages or your emails, and you will be none the wiser.
MitM attacks can either be inactive and passive modes. They can actively change information and inject malware into what you may assume is a safe session, or passively ‘eavesdrop’ or spy on your communication, steal your passwords and other information.
MitM attacks are often launched through a method also known as the ‘evil twin’ hotspots that ape legitimate Wi-Fi hotspots, enabling the criminal to view and control all internet traffic passing through. For example, in a coffee shop, the Wi-Fi might be named after the coffee shop, say Fab Coffee Wi-Fi. An attacker will create another named Fab Coffee 2, confusing users, and tricking them into thinking their Wi-Fi hotspot is part of the coffee shop’s network.
2. Mobile Phishing
Phishing attacks have been around for a long time, and mobile phishing is becoming more common as users use their mobile phones for multiple functions such as online banking and browsing the internet. Hackers employ various tricks to scam mobile users using mostly emails, text messages, voice calls or pop up ads.
Phishing involves an attacker posing as a legitimate entity such as a bank, and sending an email with an attachment to the user, asking them to click on a provided link. Once the attachment or link is clicked on, the user is redirected to a fake website, which looks like the legitimate one. The site proceeds to solicit personal details such as passwords and usernames. Since most people use their mobile devices on the go, mobile phishing is becoming more common, and even uses Whatsapp message to trick users.
3. Data leaks
Mobile apps are the biggest cause of inadvertent data leaks. If you give a Riskware app broad permission to your phone, but rarely check security, this poses a huge problem. These Riskware apps are free apps on the official app stores and perform their duty as they should, yet send your personal and corporate data to remote servers where advertisers and potentially hackers, mine it.
How to protect yourself from these cyber risks
You can protect your mobile devices from these cyber risks; you can take the following measures:
- Install a VPN
A VPN (Virtual Private Network) is one of the most effective measures you can take for your mobile device’s protection. Use a VPN for your Android device to hide your identity, mask your IP address, and most of all, and encrypt your data. When using public Wi-Fi, any potential spy cannot read your messages as they are encrypted, as opposed to sending in plain text, so nobody can read them. A VPN uses (Advanced Encryption Standard) AES-256 encryption to encrypt your data. This encryption standard is so secure the US government uses it to protect all its classified data.
- Keep your phone locked
The biggest threat to your device and the data therein is if the device is stolen. The thief would get full access to all your information. To prevent your information from falling into the wrong hands, keep your phone locked. Use a pattern, password, fingerprint lock, or whichever your device allows. Enable the erase phone capability in case the phone is stolen.
While trying to crack your password, the thief will give you time to erase all phone memory, keeping your data safe. Enable automatic screen lock after a few seconds if you are not using it. This also protects you from anyone intent on injecting spyware on your phone.
- Set secure passwords
Ensure your apps have highly secure passwords, making it harder for any hacker to crack them. Try and have different passwords for your apps, so that in the event hackers crack one password, they will not have full access to your data.
Use a two-factor authentication method, where you can use a password alongside biometric authentication such as fingerprint scans or facial recognition. Ensure your passwords are unique, with the general rule of thumb being: make the password easy for you to remember, but harder for anyone else to guess. Use uppercase and lowercase letters, numbers, and throw in some symbols.
- Update your device’s OS
The intention of a mobile device’s operating system updates is to improve user experiences, be it security or performance. These updates are very regular, but most people tend to brush them off and ignore them, requesting the device to remind them later. It is crucial to keep the OS up to date as they protect your device from bugs and threats.
- Be wary of downloads
When downloading apps, ensure you download them from trusted sources such as the official app stores. As we have mentioned above, rogue applications by criminals mimic trusted and known brands to steal your credentials. To avoid this, look at how many reviews the app has, the contact information of the developer organization, and the last update.
- Avoid rooting or Jail breaking your device
Rooting or Jailbreaking your device means removing the safeguards put in place by the phone manufacturer. People root or jailbreak to be able to download anything they want, which puts your device at a high hacking or malware infection risk. These apps that have not been vetted open up your device to hackers who will steal your information.
- Install anti-virus
Anti-virus for mobile can greatly benefit your devices. These programs detect malware or hacking attempts and block them before they can do any damage.
Android OS is the most prevalent operating system in the world, yet the most vulnerable to cyber threats due to its popularity and open-source code. Being aware of the threats that both Android and iOS face is crucial to keeping your device safe from hacking. Hackers get more advanced techniques to steal data every day.
Employing tactics such as using a VPN, locking your phone, using unique passwords, and updating your OS are just some of the ways you can thwart efforts to hack into your mobile device. Seeing as most people bank online, even more reason data should be kept safe. If a hacker gained access to your bank accounts, they could easily wipe you clean. Hackers never sleep; they are always devising new ways to steal your data. Staying vigilant and on top of things is the only way to fight back.
Jack is an accomplished cybersecurity expert with years of experience under his belt at TechWarn, a trusted digital agency to world-class cybersecurity companies. A passionate digital safety advocate himself, Jack frequently contributes to tech blogs and digital media sharing expert insights on cybersecurity and privacy tools.