With an ever increasing number of new devices running Android, many users may now be considering some level of adoption of the Linux-based mobile operating system. With development led by Google and overseen by the Open Handset Alliance — a group comprised of over 80 hardware and software companies — there is arguably no shortage of technical know-how and input into the total Android code base.
But while usability may be being maximized through this collaborative open source team effort, the safety and security of the Android platform is still questioned as various streams of malware have been designed to attack the Android operating system.
Recent reports have suggested that a security flaw in Android version 4.0.4 (also known as Ice Cream Sandwich) has been identified that has the potential to allow rootkit malware to compromise users’ devices by means of so-called ‘clickjacking’ techniques. With this version of Android now estimated to be installed on as many as one in ten Android devices, this has serious implications if left completely unchecked and the user carries on oblivious to any risk.
For the record, Clickjacking (which is also often known as UI user-interface redressing) is a malware exploit method where the user is misdirected to a different application to the one they think they have chosen by selecting a “clickable button” on screen. Once directed to a different (often hidden) separate application that itself is potentially compromised by a rootkit or some other form of malware, damage can be further perpetrated by the hacker(s).
So is the Android operating system safe?
This is as broad and open a question as anyone could pose of almost any operating system whether dedicated to desktop and laptops, or mobile tablets and smartphones. What we can ask is whether the Android operating system (perhaps by no coincidence as a result of its increasing popularity) is susceptible to attacks in the same way that almost every other operating system is — and the answer here is yes.
The Google Play web portal (previously known as the ‘Android Market’) has comparatively fewer ‘app’ vetting and rating controls than Apple’s App Store or other application download sites, and it appears that rootkits of the kind recently reported could be downloaded as part of infected app, rather than as a direct attack on the operating system.
So what can users do?
The best advice here hinges around information awareness and common sense.
- Don’t download an application, any application, from any source, without performing a few obvious searches to check on other users’ opinions, usage experiences, reviews on the Google Play website and other safety reports.
- Don’t download an application that offers software that is normally charged for at no cost; and review the “permissions” that the app is requesting when it is installed before you open up unwanted access to your device and/or computer system.
- Use consumer common sense and don’t download something that looks obviously suspect.
- Install an Anti Virus, such as AVG Mobilation, with the latest security updates and signatures to stay protected against threats.
- Stay aware and stay secure.