I initially wrote this in a conversation on the OzTech email list where the original question asked whether Android is more susceptible to viruses or hacking (than other platforms). The whole issue of security and privacy has been in the spotlight lately as well though due to certain settings which not everyone is happy about in Windows 10 (https://fix10.isleaked.com/ ) – and if you haven’t been following along, Windows 10 has otherwise received quite a positive reception and there are lots of things to like about it – if you are interested in it, you may also like to check out my book on Windows 10 which is available now and already helping people make it much easier for them to use: http://www.22point.com.au/publications.html
So back to the issue of security, I thought I would take a step back from concentrating on any specific operating system and examine some of the ways that users of any operating system and mobile platform are potentially vulnerable.
Danger sign
In direct response to the question about Android question I would say that the short answer is, you should be fine as long as you only download apps from Google Play.
The longer answer is that Android is the most “open” mobile platform, which means that users and developers have more control over what you can do with it and how you can customise it than other mobile platforms (ie, iOS and Windows Mobile) – for instance, on Android you can install a custom home screen (a launcher) which completely changes the look from the standard “grid” of 1cm icons, to something like say Big Launcher where you can have one giant icon or a 2×2 grid etc, or you can change the app you send text messages with.
The flipside of that is that is that if you do give a malicious app access to your system, it may be able to hook into more information, but then a specially crafted iOS attack aimed at an obscure vulnerability might as well. The most common way vulnerabilities are exploited is by malicious apps which are distributed through shady websites, so if you stick to the official ones you are much less at risk.
Probably a bigger threat these days is phishing attacks – those emails you get that look like they are from your bank saying there has been suspicious activity and asking you to log in and update your details – yet they come from a Gmail account and direct you to a site which appears similar to your bank but the address will be http://www.somethingshady.com.ru or something. That or a service you use being hacked (Ashley Madison being the latest one) – either way that’s not specific to any particular type of device.
All in all, whatever you use and whatever you do, it pays to be vigilant and careful and try to stay up to date with security patches etc (in good news, many of the major Android manufacturers have announced they will start rolling out security patches monthly now).
To the issue of security in general on any modern system, these days I think it would be naive to say that any platform is completely secure and impenetrable. Microsoft have found security holes in Windows which have been there for nearly 20 years (http://www.theverge.com/2014/11/12/7202801/microsoft-patches-critical-19-year-old-windows-bug) , last year the “heartbleed” bug was found in the Open SSL protocols which many banking and shopping websites use (http://heartbleed.com/ ), just recently we had the Android Stagefright MMS vulnerability (http://www.androidcentral.com/stagefright ) and about the same time one on Mac was publicised as well http://arstechnica.com/security/2015/06/new-remote-exploit-leaves-most-macs-vulnerable-to-permanent-backdooring/ and finally, GHOST, a security vulnerability affecting many older and some current distributions of Linux was uncovered earlier this year (http://www.zdnet.com/article/critical-linux-security-hole-found/ ) – Did I miss any major platforms? If I did, type “platform security vulnerability” into Google (replace “platform” with the name) and I’m sure you’ll find something!
Can running security software help? Sure, with some of these things, but importantly not until AFTER they have been identified by security researchers, which may not be before the bad guys find them.
In general, the more complex a platform is, the more likely there will be undiscovered vulnerabilities, but any modern OS is very complex.
In general, the more popular a platform is, the more the bad guys will look for vulnerabilities (part of the reason Mac owners have traditionally been smug about security over Windows IS because they are that bit more secure, but partly, it’s just because Windows has traditionally held over 90% of the desktop computer market – as a bad guy looking to exploit vulnerabilities, are you first going to try and find one in the system used by less than 10% of users, or in the one used by 90% of users?
On the flipside, popularity can also act protection of a sort in that IF a vulnerability starts to be exploited, there will be more people monitoring things and looking out for that on the more popular and active platform so it may be picked up quicker and there are likely to be more resources available to address it (either officially from the platform manufacturer, or by third party security companies or developers) than it would be on a smaller platform,
The other danger with security apps, is not to assume they will keep you safe. Firstly you need to know how to use whichever security app you use, that means having it setup to protect what you think it’s protecting, and secondly being able to understand and correctly respond to any messages it (or your operating system) gives you.
So what should you do? In general:
Being aware of what access is available to your device is critically important:
– knowing what apps have access to which permissions,
– which websites are automatically signed in,
– using a password or code to restrict physical access.
– Know what data your operating system collects and what it does with it (eg, each of the major voice assistants – Siri on iOS, Google Now on Android and Cortana on Windows transmits each query or instruction to their parent company over the internet, ostensibly to provide you with a more accurate and contextual response).
Being vigilant to new requests for information or access:
– Knowing how to identify genuine correspondence (eg from your financial institutions).
– Not activating links in emails, but typing them manually into your browser (or using favourites).
– Not opening attachments, MMS messages or visiting unknown websites from unsolicited correspondence.
Educate yourself around known vulnerabilities:
– EG disable MMS auto preview if you have an Android device which has not been patched for Stagefright
– Be aware of current and recent hacks, vulnerabilities and the recommended actions to take.
Take reasonable precautions yourself:
– Don’t downloading apps from unknown webistes
– Use a regular account rather than administrator account on your computer
– Make regular backups of your data
– If you use security software, then take the time to learn how it works but don’t let it make you complacent.
Doing all these things you are much less likely to fall victim to malware / ransomware / viruses / phishing scams etc, but it’s still possible, so finally:
– Be aware of how to regain control of any critical accounts
– Don’t reuse passwords, DO use complex passwords and have a secure system for recording them.
– Know how to remotely wipe any systems which you may physically lose control over (eg any mobile devices).
– Keep backups of all your important data! Did I mention that twice? Good, you should keep at least two backups, ideally at separate locations!
Finally, while it’s important to take precautions and be vigilant, it’s also important to not let it overwhelm you. In fact particularly if you take most of the advice above (which is fairly standard advice you can find repeated in many places on the net) then you are MUCH less likely to run into any trouble, so have even less reason to overly worry.
Did I miss any important security tips or advice? Let us know in the comments!
22 Point Blog! 