Interview: The current state of Android security

In recent times Android has come under increasing threat from malware, which has led to more people looking to install security software on their phones and tablets.

Mobile security specialist 360 Security recently announced that it had gained 11 places on the Android download charts in August, indicating a renewed interest in protecting devices.

We spoke to Xu Xin, Chief Mobile Security Expert at 360 Security, to find out more about this trend and about the current state of Android security.

Is Android becoming a more attractive target for cyber criminals and why?

An environment where hackers know they can have success will always attract more crime. Android currently occupies the biggest share of the mobile OS market and the functionalities of Android devices are very diverse, rendering them conducive to hacks and cybercriminal activity.

As a result, more and more hackers are beginning to investigate the potential vulnerabilities of Android and produce applications with viruses for Android systems -- particularly when it comes to user privacy and payment security.

Does the open source basis of Android work against it in security terms?

Not necessarily. While there are often new vulnerabilities found on Android, Google is quick to fix them with each update. It's an open source basis which allows room for more bugs and threats; however, it also reduces the time it takes to fix them and helps make Android stronger.

For example, when the Stagefright vulnerability was declared earlier this year, Google communicated with the discoverer after the fact, quickly developing and releasing an updated version that solved the vulnerability, strengthening the operating system.

Can Google do more to keep the operating system safe?

With each new version of its Android system, Google increases its focus on Android security. For example, in Jelly Bean (version 4.1 to 4.3.1) Google introduced SELinux to make the root system vulnerabilities less effective. Also, in KitKat (version 4.4) Google strengthened the security of its broadcasting policy, helping combat the threat of SMS interception viruses.

Furthermore, with the release of Marshmallow (version 6.0) Google reinforced permission management, meaning users will get informed when the application tries to access a vulnerability. The main problem tends to be the time difference between when Google updates its Android OS and when the different brands of devices update their products.

Does Android malware follow the same trends as that for Windows? A move towards ransomware and attacks hoping to make money, for example?

At its core, the ultimate purpose of hacking is to make money, meaning that the criminal methods across all platforms share very similar characteristics. The main difference lies in the tools used and methods of implementation. Apart from ransomware viruses, Trojans to remotely control Windows, including Dendroid and iBanking Mobile Bot, are also available on the Android system and have a very high infection rate.

What does 360 Security offer that other security packages don't?

360 Security adopts an independently developed QVS and Cloud dual engine, which possesses industry-leading scanning and detection capabilities. Unlike a number of other security products that adopt a single anti-virus engine, the 360 Security app is able to detect and remove viruses in real time through a unique double-engine model. The local AVE engine detects and cleans malware based on its activities, while the cloud engine provides Internet scanning that ensures viruses are cleaned the moment they are spotted.

360 Security's cloud-based Anti-Malware Engine includes several innovative technologies, including dependable file inspection technology, which can compare black and white listed files on the server-side to help users detect Trojan viruses without needing updates.

Furthermore, the engine adopts a rigorous mechanism for analysing virus-prone system locations and vulnerable software, which can be largely attributed to 360 Security’s cloud-based file database. The database contains approximately 660 million blacklisted malware samples and 24 million legitimate, white-listed file samples.

Some people still argue that you don't need protection on an Android device as long as you’re careful about what apps you install. Is this a naïve approach?

Whether or not people install protection on their Android devices, it remains important for users to ensure they install applications carefully and rely on official channels for application downloads. That being said, this is often not enough because even in official download channels, including Google Play, there are applications that contain viruses yet to be detected.

360 Security recommends Android users remember the following points:

  1. Always keep your phone's system updated with the latest version.
  2. Install antivirus software and keep the virus database updated in real time, periodically scanning your mobile phone.
  3. Close the USB debugging function.

Photo Credit: Kirill__M / Shutterstock