Android Security Is Still Secure. Seriously.
There’s been a lot of media hype this past month about Android phones and their lack of security. Headlines such as “How Android Phones Hide Missed Security Updates From You” have been floating around causing mass panic.
Take a deep breath. It’s ok.
Despite the plethora of recent articles claiming that Android phones are under attack and that you’re a victim, chances are you’re actually safer than you think. Yes there was a study earlier this month that found some phones were behind on their security updates. But that doesn’t mean that all of your data is exposed to whoever wants to take it. Even with a few security updates missing, you should be alright. Let’s take a second to discuss some of the other security features that Android architecture has in place to protect you:
Google Play Protect
Google Play Protect is a safeguard to protect Android users from malicious apps. Even with Google’s screening process to let apps onto the Play Store, chances are some baddies will slip through the cracks and are available for download. Google Play Protect attempts to stop these apps in their tracks by doing routine scans on your phone for every app even after it’s been installed. If there’s a cause for concern detected, you’ll be notified.
This software also applies to apps updates, so the short version of it is that apps can’t just slide by once. As long as you have Play Protect enabled on your phone, apps are continuously exposed to it. Chances are your phone already has Play Protect, but if you want to be sure (or just see what it’s been up to) you can find it in the Play Store. Open the store and then tap the 3 horizontal bars menu icon. Then select “Play Protect” and you’ll be taken to a page showing what apps have been scanned recently and how your device looks.
Android apps are naturally sandboxed from one another. What this means is that each apps data and code execution is isolated from others. So if you happen to download the wrong app it doesn’t mean it will automatically have access to all of the apps already on your phone. We go into depth about the android security framework in our Android development course over at Phonlab. Content Providers offer a storage mechanism for apps so that their information has to be requested before it can become accessible to just anyone.
Android Permissions work along with this to make sure that no matter what if you have some common sense you should be safe. Permissions essentially are requirements that if an app utilizes a certain feature (such as syncing with your contacts) it has to be granted permission by the user.
These permissions are presented to a user when the app attempts to access them, and are only allowed when the user says so. You retain complete control over what access an app has. Imagine you downloaded a game and it started asking you for access to your contacts and your saved media files. Red flags should be going up right away since a game has no reason to use these. As long as you don’t blindly hit accept to every permission, you retain a ton of control over what an app can actually do.
What are your thoughts on Android’s security measures? Let us know in the comments below!