The Quadrooter flaw exploited security flaws in devices with Qualcomm processors, and reached about 900 million Android models. Danger! Danger! Danger! This is how this malware was presented by those who discovered the security holes. However, for the breach to be exploited, hackers had to remotely install a specific application to take advantage of the vulnerability.
The Stagefright is quite different. It is a flaw that was hidden in the media file processing functions in MMS (multimedia SMS messaging). A photo or video sent through this system could be delivered to the sender with the hidden malicious code. The flaw affected all versions of Android from 4.0 onwards, but in fact, due to Google's interventions in the Android source code, it was unlikely to be severely disrupted.
The difference between the two clear security holes: Quadrooter requires some user assistance, while Stagefright can be exploited remotely and without user interaction.
What tools are available against security vulnerabilities such as Stagefright, Quadrooter, and so many others? Android itself has some features that can make you more protected against such malware. The four most important measures you will know below:
Solution 1: Do not install apps from unknown sources
Among Android configurations is an option that allows you to install apps from unknown sources, ie manual and non-Play Store installs. Not by chance this option is disabled by default so that the user can install only official apps. Some manufacturers have separate stores, such as Samsung Galaxy Apps, where this limitation is not applicable.
This option can protect the system from malware distributed through an app store or unreliable files that are spread over the internet. There are malicious apps in the Play Store, but they are much rarer, and when they do, the community or the press quickly issues an alert about them. The unknown source option can be enabled for use by stores like Amazon or F-Droid, for example.
Solution 2: Google Scanner
Google offers a solution to counter the attack of malicious apps, which is the virus scanner. This feature was implemented on Android 4.2 and is now part of Google Play Services, and is enabled by default on the system. The purpose here is to scan applications that are suspicious. If malware is discovered, the installation on Android is canceled. At least so it should work in practice.
The Quadrooter glitch, for example, has no chance of working on Android as long as this feature remains enabled. According to Android security chief Adrian Ludwig, another malware that could be unmanageable on the system is Gooligan, discovered in December 2016, which had the characteristic of hacking into Google accounts. But, what's behind the Google scanner?
In the 2016 Android Security Report (released April 2016), Google indicates that with this (scanner) technique the threats around the system could be significantly reduced. This function has been optimized throughout Android versions and between security packages.
Basically, this check can scan an entire APK file and compare its identity with the information in the Google database, which includes threats and malware. This work is done on Play Store files and also on APKs that are accessible on the internet. This method is designed for the very efficient system, as 90% of the entire Play Store content has been checked for security issues.
Opinion by Hans-Georg Kluge
I trust Google's initiatives to make Android safer.
In addition to this initial process, Google can analyze the individual characteristics of each app and subject them to other processes. The user may be notified of the risk of malware, or in more extreme cases the installation blocked by the system. You can analyze the entire course of the application, from its installation and its post-installation behavior. In all cases the user can be notified of serious threats and even can choose to remove it.
Of course, Google still can't protect everyone from malware attacks, especially the latest ones. At the latest in hours, days or months all users can be prevented from any threat. In the Play Store there is a similar process where Google analyzes the behavior of developers and their apps registered by l and may disrupt developer activities that put the usability of the system at risk.
Excited by this discovery, I decided to put this scanner to the test. Why not test this protection, right? I turned on the unknown sources of the system, installed some anti-virus that I found in the Play Store and went in search of Super Mario Run for Android, as malicious downloads for a game still in the released what more time a. The result? I installed everything without any problems and during the process, only the anti-viruses that I downloaded from the store alerted me to the presence of adware, marked as "unwanted behavior".
Of course this is not malware that poses some kind of danger to my data or the system. But in fact, I didn't receive any notifications or warnings from Google during the process.
My little experiment made it clear: Google's scanner allows small adware or minor threats to be installed manually. It may be that Google has not yet classified part of them as a risk, but to some extent the user should be warned of any threats, even minimal.
Opinion by Hans-Georg Kluge
Google no longer offers basic protection for my Android
Solution 3: Current Security Packages
Linux-based Android, and its third layer of security for users, is up-to-date software with the most current fixes applied.
The Stagefright failure really must have led Google to some reflection, such as: distributing more monthly security packages to Android. Since then, more than 18 monthly security packages have been released by Google. In addition to being available for newer versions, packages can be installed (when required) by versions starting with 4.4.4 KitKat.
A device with the latest system will have a certain privilege, such as those that run with Nougat. Moto Z with Android Nougat is running the November 2016 security package, for example, while Galaxy S7 already has the December 2016 patch. The more current the package, the better the system security level. The more updated the better.
Opinion by Hans-Georg Kluge
Android and security updates should be released to everyone simultaneously.
Solution 4: Self Responsibility
Who installs the applications or disables functions on the smartphone the user, then nothing better than having responsibilities with the systems. Some cautions are very logical, as: I should not go after the game Mario Run if it has not been officially released.
The same goes for emails, SMS or anything that arrives through WhatsApp that promises functions that will be delivered outside the Play Store. Always be cautious and act responsibly.
Are security apps needed for Android?
My little experiment, described above, was clear to me. Several anti-virus installed on smartphones detected the adware to come. Of course I would have been without this little threat if I had not enabled the installation of unknown sources on the system, there at first.
I noticed that anti-viruses can help with something, but not always their proven effectiveness, such as websites or email attachments. Therefore, evaluate if you are a risk-prone person, as a security app may be right for you.
Opinion by Hans-Georg Kluge
Security applications are required in some cases.
Security Settings Summary
Here is a summary of the settings that should be enabled on your Android, follow the steps:
- System Settings> Security> Unknown Sources (disable it if necessary);
- System Settings> Google> Security> Scan Apps> Scan Device Security Threats (enable this option);
- System Settings> Google> Security> Scan Apps> Improve Detection of Bad Apps
Opinion by Hans-Georg Kluge
The Android tools are enough for me.
Conclusion: Android safe, but not one hundred percent
We returned to the beginning of the article, where I said that Quadrooter failure had reached 900 million devices. This is very likely, especially on smartphones that lack Google services and control, such as Asian models.
However, we note that Google has improved the Android protection system with every release, including using Play Services. Maintaining the option of installing apps from unknown sources could be a mistake, especially in some cases, which make the system more susceptible to vulnerabilities.
Stagefright also taught us a few things, especially for Google, which has improved the delivery of security packages and media processing by messaging applications. Unfortunately, older models may be at risk due to the range of these point fixes for these models, such as devices running Android 4.3 or earlier.
Of course, Google needs to improve the delivery of these monthly security packages. However, manufacturers need to cooperate so that more and more our devices can be protected.
. (tagsToTranslate) Android security (t) crash Android (t) security breach (t) Google (t) Android security update
