Smartphones have become an integral part of modern life and they play a massive role in our work and personal lives every day. The need to protect our phones is critical, given the sheer amount of sensitive data that we store on them. Many of us are now spending more time on our phones than our desktops or laptops.
With 2 billion+ monthly active devices, Android is the largest and most popular platform in the world. In fact, according to Statista, there were over 108 billion Play Store downloads in 2020. It should therefore be no surprise that Android devices have become the number one target for cyberattacks.
The good news is that Android is by its very nature a very secure operating system, with multiple layers of defense to protect itself from dangerous cyberattacks such as malware. But since 95% of cybersecurity breaches are caused by human errors, it is the smartphone owner that is the biggest threat to their phones’ security.
For example, according to a survey by Consumer Reports, 34 percent of all smartphone owners do not bother at all with their device’s security. According to the study, this explains why so many people’s accounts get hacked when their devices get stolen.
With that being said, here’s a look at some of the biggest cybersecurity threats to Android smartphones in 2021.
- Social engineering
- Fake apps
- Official app store insecurities
- Mobile malware
- Third party app stores
- Lack of security updates and patches for Android
- Fake antivirus for Android
- Poor password hygiene
- Unsecured Wi-Fi
- Billing Fraud
1. Social engineering.
This devious tactic is now just as prevalent on the mobile front as it is on desktops, and the modus operandi is the same: social engineers try to fool unsuspecting users into clicking on malicious links by impersonating family, friends or trusted organisations. And social engineering attacks on mobiles aren’t just an email thing. In fact, 83% of phishing attacks in 2020 took place in text messages or in apps like Facebook Messenger and WhatsApp along with a variety of popular gaming apps and social media services.
These platforms have all been used to launch sophisticated phishing attacks on mobile devices. Furthermore, mobile users have been found to be 3 times more vulnerable to phishing attacks than desktop users, presumably because the smaller screen size on smartphones makes it a lot easier to spoof messages and trick users into thinking that a message was sent by someone they trust.
2. Fake apps.
Attackers may try to get into your smartphone using dangerous fake apps. Fake apps are Android or iOS apps that mimic the appearance and functionality of legitimate, popular programs that people already love to use. The aim is to con unsuspecting users into installing these bogus applications. These apps tend to perform a series of malicious activities once they have been downloaded and installed. These include stealing money from your bank account, infecting devices with malware, collecting sensitive info or aggressively inundating your handset with ads.
Types of fake apps
There are three main types of fake apps:
1. Imposter apps
These are bogus apps that mimic the look and behaviour of the original, legitimate apps. They often have the same user interface and description, and because they cannot use the same name as the original, they use a name that is similar to it. For example, “Update WhatsApp” was a fake app that looked like it was created by the company that created the original. It was so good that it fooled more than one million people into downloading it.
The problem of imposter apps is compounded by the fact that 50 percent of users often find it difficult to distinguish fake apps from the real thing.
There are apps that appear to perform the function for which they were downloaded, and there is nothing overtly malicious in the code of these apps. The problem is that these apps come with hidden, excessive subscription fees. Furthermore, if you don’t know how to properly cancel the subscription, the app will keep charging you long after you have deleted it from your phone.
3. Ad malware
These types of app could be a simple game or provide a simple function, but they are designed to generate ad income by constantly inundating users with ads to force them to view or click adverts.
Examples of the damage that fake apps can do include:
- Harvesting your location data and contacts list.
- Stealing your banking details
- Subscribing your device to premium services.
- Recording your conversations.
- Changing the web browser’s homepage and search engine without your permission.
Some of the most popular malicious apps to avoid include:
- GPS speedometer
- Free messages, Video, Chat, Text for Messenger Plus
- Easy Scanner
- Weather Forecast
- Super Calculator
- Who Unfriended Me
3. Official app store insecurities.
Some malicious apps have slipped through the cracks on both the Apple App Store and Google Play. So, even though you might have never downloaded apps from third party sites, you may still be at risk of falling for this scam. The official stores failed to identify several advanced cyberattack techniques and have been responsible for distributing malicious apps disguised as legitimate ones. For example, some fake camera apps on Google Play were able to amass between 500,000 and 1 million downloads in just a few days before they were detected and removed.
In many cases, these malicious apps are able to get past the rigorous checks of the official stores by submitting clean apps to start with, and then adding malicious functionality later on. The authors of these apps also manufacture positive reviews to encourage downloads of the malicious apps.
Consider the following horrifying facts and figures as reported by Arxan Technologies:
- 97% of top 100 paid Android apps and 87% of top 100 paid iOS apps have been hacked.
- 80% of popular free Android apps have been hacked and 75% of the popular free iOS apps have been hacked.
- Mobile financial apps are still at risk – 95% of the Android financial apps reviewed were “cracked” while 70% of the iOS financial apps were hacked.
- 90% of retail/merchant Android apps and 35% of retail/merchant iOS apps have been compromised.
- 90% of Android healthcare/medical apps have been hacked, 22% of which are FDA approved.
Normally, if you have downloaded an app that has been identified as malicious, you should get a notification from Google Play. But it’s important to realize that this doesn’t mean all of the apps you don’t get notified about are completely safe.
4. Mobile malware.
Mobile malware is malicious software that attacks the operating system on mobile devices. Right now, there are far more threats to desktop than to mobile thanks to the security of mobile operating systems, but mobile malware is a growing concern for users.
Here are the most common types of mobile malware:
- Adware. Adware is the most prevalent type of malware found on smartphones. According to Avast, it accounts for 72% of all mobile malware. Adware gets onto smartphones when a script or program is installed without the user’s knowledge. It works by collecting data from your phone in order to inundate you with ads.
- Spyware. Spyware is designed to secretly monitor and record information about your activities and send that information to a third party.
- Trojan. A Trojan on your smartphone typically appears as a text message. It is designed to send premium text messages that will increase your phone bill.
- Mobile ransomware. Mobile ransomware encrypts data on your phone and demands money to decrypt that data.
- Browser hijacker. This malware takes over your browser settings to promote malicious content from your phone.
A lot of malware doesn’t stay on your phone after a reboot, so make it a habit to reboot your phone on a regular basis.
5. Third party app stores.
The main problem with third party app stores is that they may not vet apps with the same level of scrutiny as apps on the Apple App Store or Google Play. This means that you cannot be 100% sure of the apps that you download from a third party store. But then, you can also unwittingly download malicious apps from either of the official app stores. In any case, the risks are definitely greater with third party app stores.
For example, you can get popular apps at a cheaper price on any one of these stores, but that deal can put the security of your data at risk if malicious code is injected into that popular app you might have bought through a third party store. Third party app stores could also share your data with other parties without your knowledge or permission. As a security measure, if you have a third party app that requests excessive permissions or access to data, remove it and search for an alternative because it is likely to be malicious.
6. Lack of security updates and patches for Android.
Security updates are vitally important to repair security holes or fix known software vulnerabilities. Software engineers release updates and patches once they have fixed known vulnerabilities. When new security updates are ready for Android, your phone will prompt you to install a new version of its firmware. However, if you have an older Android phone, you may be at greater risk because Google no longer issues security updates for version 6.0 of the Android operating system or below.
This can be a big problem because it means that if you are using an Android phone that was released in 2012 or earlier, flaws in the older version will remain open and potentially vulnerable to cybercriminals. This puts you at a greater danger of all kinds of cyberattacks including ad fraud, data theft and mobile malware.
To find out the Android OS of your phone, swipe down from the top of the screen and tap the settings icon
7. Fake antivirus for Android
According to a study by Austrian antivirus testing company AV-Comparatives which specializes in testing antivirus products, most of the Android AV apps on Google Play are ineffective against malware. In and of itself, Android is a pretty secure OS, so you probably don’t need to install AV apps like Norton or AVG on your phone, because these apps can actually be detrimental to your system’s performance. A robust cybersecurity strategy can be more effective for your smartphone than certain types of antivirus software.
8. Poor password hygiene
Not securing your phone properly with a strong password can be especially problematic and very dangerous. In this day and age, the need to secure our phones is more critical because of the sheer amount of sensitive data on these devices. Studies show that mobile banking is one of the top three most used apps by Brits. If your mobile is stolen or hacked, a poorly secured device will expose you to all types of cybercrime including identity theft, data theft and all types of cyberattacks.
9. Unsecured Wi-Fi
Free and public Wi-Fi networks found in public places such as train stations, coffee shops, malls, restaurants and hotels, are a popular hunting ground for hackers. This is because most users constantly connect to these potentially insecure networks without taking any steps to secure their data. If you’re not staying safe and secure when accessing public networks, you’re potentially leaving the door open to man-in-the-middle and other cyberattacks that might be lurking in the background of these networks.
Here are a few tips to keep you safe on public Wi-Fi:
- Use a VPN to ensure that your public Wi-Fi connections are made private, especially when you are visiting websites that require you to log in with a username and password.
- Turn off file sharing before you log on to a public Wi-Fi network, because this can leave you vulnerable to hackers.
- Always use secure websites when using public Wi-Fi. Note however that some sites that use HTTPS and SSL are actually set up by cybercriminals. For example, 58% of phishing websites now use HTTPS.
10. Billing fraud
Billing fraud (also known as toll fraud) is a fraudulent process where a malicious app on your smartphone silently subscribes you to a vast number of premium wireless application protocol (WAP) services. In some countries, an acknowledgement is required from the user before the charge is processed. To counter this, the malware will intercept the acknowledgement messages from the infected device. As a result, the charge appears to have been acknowledged by you, and the scam continues and can cost you hundreds of pounds per month. Unfortunately, you may not detect it until you receive a massive bill from your provider. Since your service provider already received an acknowledgement from your phone, you are likely to be found liable for the charges.
The most persistent form of this threat is Joker malware (a.k.a. Bread), which has been plaguing Android phones since 2017. Joker malware gets on your phone by attaching itself to legitimate apps in the Google Play store. It has been designed to be very hard to detect, and it constantly evolves, which makes it tricky to spot on your phone. Once installed, it starts to spy on your activities, harvesting information and sending it back to cybercriminals. It can also steal text messages, contact lists and device information. The Google security team has removed 1,700 apps from Google Play that this malware attaches itself to, but it keeps on re-emerging.
If you own an Android smartphone, go through your app list to see if you have any of the following apps installed on your phone.
- All Good PDF Scanner
- Mint Leaf Message-Your Private Message
- Unique Keyboard – Fancy Fonts & Free Emoticons
- Tangram App Lock
- Direct Messenger
- Push Message – Texting&SMS
- Emoji Wallpaper
- Fingertip GameBox
- Private SMS
- One Sentence Translator – Multifunctional Translator
- Style Photo Collage
- Meticulous Scanner
- Desire Translate
- Talent Photo Editor – Blur focus
- Safety AppLock
- Care Message
- Part Message
- Paper Doc Scanner
- Blue Scanner
- Hummingbird PDF Converter – Photo to PDF
If you are using one of these apps, you must remove it from your phone immediately to avoid getting defrauded.
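The billing fraud described above depends on an app being able to read or send text messages, so the "excessive permissions" check from the third party app store section can be partly automated. The following is an added example, not part of the original article: it parses a constructed, simplified excerpt modelled on `adb shell dumpsys package` output and lists apps that hold granted SMS permissions. The package names, the sample text and the rule set are assumptions made for illustration.

```python
import re

# Constructed sample, simplified from the layout of `adb shell dumpsys package`.
SAMPLE_DUMP = """\
Package [com.example.flashlight] (1a2b3c):
  installerPackageName=com.android.vending
  runtime permissions:
    android.permission.READ_SMS: granted=false
Package [com.example.pdfscan] (4d5e6f):
  installerPackageName=com.android.vending
  runtime permissions:
    android.permission.RECEIVE_SMS: granted=true
    android.permission.SEND_SMS: granted=true
Package [com.example.keyboard] (7a8b9c):
  installerPackageName=null
  runtime permissions:
    android.permission.READ_SMS: granted=true
"""

RISKY = {  # SMS permissions that billing-fraud malware depends on
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS",
    "android.permission.READ_SMS": "can read stored SMS",
    "android.permission.SEND_SMS": "can send SMS, including premium-rate texts",
}
PLAY_STORE = "com.android.vending"
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
INSTALLER_RE = re.compile(r"^\s*installerPackageName=(\S+)")
GRANTED_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=true")

def parse_packages(dump):  # -> {package: {"installer": ..., "granted": set}}
    packages, current = {}, None
    for line in dump.splitlines():
        if m := PKG_RE.match(line):
            current = packages.setdefault(m.group(1), {"installer": None, "granted": set()})
        elif current is not None and (m := INSTALLER_RE.match(line)):
            current["installer"] = m.group(1)
        elif current is not None and (m := GRANTED_RE.match(line)):
            current["granted"].add(m.group(1))  # denied permissions are ignored
    return packages

def audit(dump):
    """Map each package holding a granted SMS permission to its review reasons."""
    findings = {}
    for name, info in parse_packages(dump).items():
        reasons = [why for perm, why in RISKY.items() if perm in info["granted"]]
        if reasons:
            extra = [] if info["installer"] == PLAY_STORE else ["not installed from Google Play"]
            findings[name] = reasons + extra
    return findings
```

A flagged app is not necessarily malicious, since messaging apps legitimately need these permissions; the output is a shortlist of apps whose SMS access should match their stated purpose.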