ISLAMABAD: With hacking incidents happening more frequently, the last thing you want to hear is that your phone is not secure.
According to a report by Security firm Kryptowire, Android’s open operating system may be open to vulnerabilities.
The security firm ran tests on 10 devices running the Android OS and found that bugs in their firmware left them open to attacks.
“Pre-installed apps and firmware pose a risk due to vulnerabilities that can be pre-positioned on a device, rendering the device vulnerable on purchase,” an overview of the report reads.
The study by Kryptowire was conducted under the Department of Homeland Security’s grant because some of the devices tested came from Chinese firm ZTE.
The US federal government has barred military employees from using ZTE and Huawei devices, in line with the intelligence community’s advise that such devices could pose a national security risk if they were to be used by China to spy on US citizens.
The firm further added that if users download a malicious app on their ZTE ZMax devices, they become highly vulnerable, potentially giving the app complete access to their data and device operation. Other affected phones came from Vivo, Sony, and Sky, among others.
Wired magazine described this vulnerability as a ‘byproduct’ of the Android OS business strategy which lets third-party companies, such as ZTE, modify the code. This, though makes an Android device attractive for phone companies, is what’s responsible for the cracks that might allow a malicious app to take over.
Although this may sound distressing to the users, an important thing to remember is that a device is only vulnerable to these bad actors if a user downloads an app. Apps that go through the Google Play store are subject to stringent review that should prevent a malicious app from even seeing the light of day.
Unless users are downloading apps directly from their makers or using non-Google verified app service, their Android devices should remain secure.
Recently there has been all manner of questions about the merits of an app developer stepping away from Google’s Play Store. This began since the developers of the popular multiplayer game ‘Fortnite’ announced that they will make the game available directly through Epic Games’ website.
Doing so allows the developer to skirt around Google’s 30 per cent cut, but the Kryptowire report reinforces the already serious security concerns.
Downloading unverified third-party apps already make an Android device vulnerable, and the report by Kryptowire further raises concerns.