Android - the most vulnerable among mobile operating systems
Do you use a smartphone that runs on Android platform? If your answer is yes, you should definitely be careful because it is the most vulnerable OS with Master key vulnerability and 79 percent of threats are targeting Android platform. Go through this post to know why Android is considered as the most Vulnerable and how can you make your Android devices secure.
Well this is not a breaking news but, you might consider it as breaking because Android smart phones we use today are the primary target to threats on mobile platform. Reports from US Security agencies and FBI say that 79 out of 100 threats target smart phones that run on Android. The next 19 attacks are focused on Nokia's Symbian OS but the good thing is their latest windows is as less as 0.3 percent prone to threats. Even iOS and BlackBerry are the most secure operating systems as reports indicate that they share 0.7 and 0.3 percent of the attacks. How can a new customer trust Android and how can an existing one continue to use it? Where does the defect lie? Fault of developers will be 60% and the rest 40% will be with the customers. Yes, what you read is absolutely correct. Know why?Why Android is considered as the most vulnerable
Generally, every developer or coder irrespective of his experience tries to give us the best output all the time. But every software developer knows that 100% error free software is difficult to be achieved. However, one can detect the loopholes either during tests or when it's sold out. And this can minimize the number of faults per KSLOC i.e. Kilo Source Lines of Code (faults per 1000 lines of code) but can't completely resolve the vulnerabilities. For example, most of the operating systems release updated versions every year and they overwrite faults in upgraded versions.
The same thing happens in case of Google's Android OS, studies indicate that more than 44 percent of Android users are still using older versions version 2.3.3 through 2.3.7. So, there lies the defect, when developers are modifying and reducing the vulnerabilities in operating systems we the users aren't upgrading ourselves. Defects in Android alone are not the loopholes for attacks, majority of the attacks in older versions are made through text messages i.e. text Trojans. Recently Jeff Forristal, chief technology officer at Bluebox wrote that their team discovered a major loophole in Android's security package that permits an attacker to make modifications to APK i.e. application package file.
An APK is a format used to distribute and install software and middle ware on Android OS and it's similar to MSI in Windows or a Deb package in Debian. Generally Android applications are in APK which are actually ZIP files with an extension. Prior to the installation of an app APK files are extracted and compared with a sub directory of digitally signed check sums. If any indifference exists, app will not be installed but, if to files with same nomenclature are put into a zip file one is verified and the second will be automatically installed. Not exactly, but the similar way an attacker can modify that code without even touching the cryptographic signatures and convert a genuine application into a Trojan without the notice of either user. So, the main bad gateway is at the cryptographic verifier called 'Master Key vulnerability 'of Google's Android which failed to block a fake file. Be cautious while you are about to install an app from play store by verifying the publisher and that's not the safest way even.What can we do now?
Will Android attract new customers with such vulnerabilities in its most demanding platform? Of course, this vulnerability threat is not a big issue for most of the users in countries like India where price is a major concern. People cannot shift to high priced iOS and Blackberry products all of a sudden. Also, it's highly difficult for anyone to list out the most vulnerable from millions of apps available on Play Store. Google may now look at this threat and fix it in coming versions and meanwhile let us stick to malware scanners that keep your device safe. BlueBox launched a free app I mean a scanner than scans your Android device and detects the presence of any installed malware. Regular scanning keeps your device safely patched and you can get in on Play Store People using the rest i.e. iOS, BB and Windows also should be careful because even hackers upgrade themselves with newer and deadliest bypassing techniques. So, let us hope that Google's next version Android 4.4 Kit Kat that is going to be added to the big line will have all the threats cleared.
Read Rooting Android phone tutorial
