Ever since mobile devices were introduced, there have been several attempts to exploit this technology. One of the earlier examples of this malicious action was during the early 90s, when analog phones with dedicated SIM cards were used. The chip technology wasn’t that sophisticated back then, and people found out how to clone a number to make calls and send text messages at other people’s expense. Another exploit was to use devices that could make calls to any network for free.
Today, schemes that take advantage of mobile devices are more common, but a majority of users still don't consider it as a real or particularly dangerous threat. Everybody thinks that computer viruses can only affect desktop computers, laptops, or network servers. However, not everyone is keen on what cybercriminals are after and how these schemes can affect users.
Let’s take a look at how one can be affected by malware, and the severity of what it can do. By downloading and opening an unverified or malicious file, one can easily introduce malware to a computer. Among many things, this malware can spy on users, giving hackers access to what users type, what websites they go to, and possibly even credit card and banking information if the infected machine is used to make an online transaction. Knowing these security risks will help you keep your information – especially your personal and work details – safe. And, if you're a mobile Web developer, keeping these things in the back of your mind during development will help you come up with more secure apps.
Smart Mobiles and Modern Threats
Now, imagine all this happening not on your computer, but on your Android phone. Today's smart mobiles have become so sophisticated that they're now susceptible to the same techniques that used to be limited to computers. With mobile malware downloaded through a malicious app, a cybercriminal can easily get your contact numbers, private information, login keys, and so on.
So how can you avoid this? Well, Google is trying its best to find vulnerabilities in its programs 24/7. In fact, it even rewards technical engineers who can find vulnerabilities in its processes. And once Google sees any vulnerability, it releases a patch or update that fixes this issue.
However, given that there are multiple brands that use Android as a platform, passing the patch from one hardware or software provider takes time. And in the course of this action, users might already be vulnerable to exploits over the net.
Besides system attacks, users are just as at-risk as they are on a desktop computer. Opening a link that leads to a website containing malware can be just as dangerous. The same goes with opening an unverified or modified program or installing one. Recently, German users were sent emails, supposedly from PayPal, to download an update to the app. The attached program contained spyware that tracked the phone’s PayPal use. Their main goal was to get users’ credit card information.
Android's Fragmentation Problem
But apart from human error, mobile manufacturers are constantly pressured to release vulnerability patches in faster intervals. Google also needs to work faster in detecting and patching these vulnerabilities.
Just this August, a gaping hole in the software was discovered that allowed cybercriminals to gain control of one’s mobile device with a single text message. And once they get in, any amount of data stored in a phone can be theirs for the taking: private conversations, video recordings, photos. They basically have the same access to the mobile device as the user. Luckily, there has been no news that hackers have discovered or have been using this vulnerability. The problem now lies with patch distribution. Since Android disseminates the patch to its vendors, the vendors now have to to make sure that their units receive the patch.
The Slow Trickle
Creating a centralized patching system would be an amazing feat for Android. Unfortunately, with all the manufacturers joining the process, the necessary information and fixes needed to protect users go from a quick flow to a slow trickle. For years, this has been one of the strengths of Apple. Being the sole proprietor of both hardware and software, they avoid these complications and give users updates in no time at all. However, this doesn’t mean that iOS devices are safe from malware or attacks, as they have their own share of mobile threats as well. But unlike Android, it is easier for them to patch every device with the said vulnerability.