It was reported that 97 percent of global mobile malware is from the Android smartphone interface. While these numbers have left many doubting the Android’s credibility, they are not completely accurate. These numbers are only related to small and unregulated third-party applications. While Android phones may be vulnerable to such applications, it was noted that applications on Google’s official Play Store were almost malware free.
The malware figure noted in Play Store was 0.1 percent. F-Secure, an antivirus and computer security company, stated that as few as one in a thousand apps bought on Play Store were suspected of containing malicious software. The only applications users were advised to stay cautious of were from unrecognized sources.
Malicious applications target the device’s internal systems, sending them into an endless reboot cycle, according to researchers at Trend Micro. The vulnerability was originally reported on March 16 by user Ibrahim Balic, who said that a memory corruption bug forced most Android operating systems to crash.
The bug would trick users who would install an application containing large amounts of data in the activity label. The application would then have a desired or legitimate activity along with a hidden malicious one. The bug would then activate based on a timer and crash the system after installation. Experts noted that the timer could also be set to go off when the device was rebooted. This would send the device into an endless rebooting loop.
The only way to recover from the endless loop is to perform a factory reset on the Android device. This would ultimately mean losing all the data that the device stored. With this aspect, Android’s vulnerability to third-party application could also be used to indirectly erase or corrupt user data.
Although Google’s Play Store protects its users from malicious applications, there are a number of ways they can gain access to a user’s device. These applications can be uploaded on third-party websites that are predominantly popular in many markets. These would then be advertised on trusted sites, tricking users into downloading them.
Crashing the operating system is not the only vulnerability that was identified. Android is also vulnerable to applications that target the device’s PackageManager and ActivityManager services. This would, in turn, target the processes that depend on these services and even leave the device completely useless.
Google was immediately notified of this vulnerability and were quick to act against it. Users are still advised to treat unrecognized applications or applications from third-party sources with extreme caution.
Even though the figure might be against them, it should be noted that Android still dominates nearly 87 percent of the global smartphone market. Hence, it might not be incorrect to assume that Android devices are still trusted worldwide. Developers might be responsible for ensuring better protection in the cyber world but users, too, have a part to play. Users are always advised to only download applications from trusted websites so that they can protect their devices against Android’s vulnerability to third-party applications.
By Hammad Ali