by Waleed bin Shahid

The Android platform was created by the Android Inc. which was later bought by the technology giant Google and later released as the Android Open Source Project. A consortium of 78 different companies formed the Open Handset Alliance whose key responsibility is to develop and distribute the Android Operating System. The development of Android Operating System takes place rapidly, as a newer version replaces the older one after every few months. Android Lolly-pop is currently the latest version released in October 2014.

Android has now become the most widely used operating system for smartphones in the world. In the second quarter of 2014, Android’s smartphone market share surpassed 83% which is a clear indication of its overwhelming popularity especially among those who prefer using a device with an open source platform. Android offer thousands of programmers around the globe to develop highly interesting applications of various kinds which after approval are placed on Google Play, the official application repository for Google Android. Popularity of Android devices is not only restricted to smartphones as tablet devices powered by Android are on the way to capture the market dominated by Apple.

This rapid increase in the use of Android both for smartphones and tablets along with its open source nature has motivated malware authors to write highly sophisticated pieces of malware for Android operating system. The newer types of Android malware are not just proof of concept or early code but they are totally purposeful and matured. The vulnerabilities in the operating system and applications are being exploited by the hackers in order to penetrate into the systems, steal user data and gain financial benefits by compromising the confidentiality, integrity and availability of Android applications and user data. Malwares are generally found in applications which are cracked or which are not officially available on Google Play. Researchers around the world are analyzing android malware by studying its code, features, and functionalities. The objectives which govern the analysis of malicious android applications are, but not limited to:

  1. To study and understand the loopholes in applications and operating system that might have provided the malware with a safe heaven
  2. To analyze and find out the features present in the malware and present remedial measures
  3. To investigate the severity of malware attack by understanding the malicious code section and functionality.

There are many anti-malware tools for the Android operating system which use different techniques to detect and eliminate Android malware. These tools either use static or dynamic analysis techniques to deal with Android malware. Static analysis checks the application code for malicious features and function calls while the dynamic analysis checks the running behavior of the application being tested. Similarly these tools also check the application’s permissions. Some applications are over-priviledged by calling extra permissions which provide attackers with a window of opportunity to attack by misusing them for nefarious purposes. 

Since securing any digital device is more of a management problem rather than technical, so there is a need to aware users about steps and measures to secure their Android smartphones. There are few best practices which must be fulfilled by all users for ensuring maximum security.

  1. Avoid Saving Passwords
    Many users tend to save their passwords to online services and sites on their device, never once thinking about what it would mean to a person who got their hands on the phone. Avoid having all important passwords saved in your device particularly when it comes to banking or payment apps and even mailing and social networking sites.
  2. Prefer Android’s In-Built Security Features
    Android provides built-in screen locks including password, pin, pattern and face unlock along with encryption features which when enabled further enhance your security. Even when setting these pin codes and passwords, make them difficult to guess for attackers.
  3. Lock your Applications
    Locking applications which hold private information is vital in order to ensure that no one else sees what you want to keep hidden. This is a second layer of security to prevent anyone from using your lost device particularly if they have managed to bypass your locked Android.There are many free applications for the exact purpose on Google Play.
  4. Keep an Eye on Application Permissions
    Before you begin installing an app from Google Play, a list of requested permissions will pop up to show you what permission the app requires. Apps require permissions to do things but not all of them are necessary.Always read through the permissions to make sure they make sense and correspond to what the app actually does e.g. an alarm app does not require a permission to access your text messages. This is a real important step because not all apps in the Play Store are safe. The list of permissions is popped before the application is installed.
    You should also make it a habit to read the comments as well as the rating of the app that you are going to download. This helps you understand more about what the app really does without trying it out firsthand.
  5. Securing the Network
    One of the most important steps in protecting your Android is to secure your network. Try to avoid using public WiFi whenever you want to do something important like doing your banking online. As long you are sharing the same network with the public, they can easily sniff out your packets and translate it into actual data of your private information i.e. your passwords.
  6. Install a Security Application
    In order to counter malware you should make use of an antivirus application which regularly checks your device of Trojans, malware, information stealers and other genres of virus. There are many high rated applications available for this purpose e.g. Avast Mobile Security which if kept updated can ensure maximum security on your Android phone.
  7. Backup your Data
    A backup of your precious data is a must-have in the day and age of smartphones. Picture the worst case scenario where your Android device has been stolen or hacked. Without a backup, you will lose all your information in your device.If you have a backup however, you can still restore your Android device back to its original state. You can choose to backup important information to the Cloud, your desktop or even to a flash drive.
  8. Only use Google Play
    There are many other repositories of Android applications which might contain cracked versions of otherwise legitimate applications. All apps residing in these repositories cannot be claimed to secure as they have not been verified by Google’s security team. So download applications only from the trusted source. In your phone settings you should disallow installing applications from unknown sources.

These basic security best practices if adopted can make your device secure and help you get rid of malware and hacking attacks which otherwise play havoc with your device with or even without your knowledge. Though with newer versions, Android keeps enhancing security features but these best practices still remain viable with whatever version of the operating system you are using. At the end of the day it’s all about managing security on your Android device as Bruce Schneier said that “If you think security is a technical problem, you don’t understand security and you don’t understand technology”.