Are your Android apps putting your phone at risk?
If you own an Android, you’re probably a regular visitor to the Google Play Store. Having the latest gaming app, or an app to tell you how many reps you’ve done at the gym, is part and parcel of owning a smartphone these days. And, with the latest figures stating that the Google Play Store has around 3.3 million apps, there is definitely something for everyone.
However, have you ever thought about what you are downloading onto your phone? Are the apps you download actually safe? Or do they open up your phone to a whole host of problems? Most importantly, how do you keep your Android phone safe from fake apps?
These are some of the questions we will be answering in this week’s blog.
The Google Play Store and Insignary
Now, we all know that downloading apps from unknown sources is not a good idea, but you would think that downloading an app from the dedicated Android app store would be safe, right? Well, not according to a recent report by Insignary, which conducted a comprehensive binary code scan of the 700 most popular Android apps found on the Google Play Store.
The results are rather surprising, with 20% of the apps Insignary tested containing open source components with known security vulnerabilities.
Let’s just put that into perspective.
20% of 700 apps is 140 – that doesn’t sound like many, does it?! But imagine if 20% of the whole of the Google Play Store had these security vulnerabilities. That’s 20% of 3.3 million, which equates to a whopping 660,000 apps!
Now, we definitely aren’t saying that 660,000 apps on the Google Play Store have security issues, but as the test carried out by Insignary only looked at 700, there is a high possibility that there are a lot more apps in the store that do have these vulnerabilities.
What does this mean?
In 2017, Google announced that it had reached over 2 billion users on its Play Store. So, any security vulnerabilities in its apps, such as the ones found by Insignary, could result in hackers gaining access to a large number of these users’ information.
And, when you think about how phones have become mini personal organisers, with people and businesses relying heavily on them to store both personal information and financial data, there could be a real risk to users.
How are these apps not detected by Google?
New apps are uploaded to the Play Store every day, and some of them have motives quite different from those of your run-of-the-mill ‘Angry Birds’ app. In a report published at the beginning of this year, Google states that in 2017 it removed more than 700,000 apps that violated its Play Store policies – a 70% increase from the previous year. On a positive note, Google claims that 99% of these apps were identified before users installed them, which sounds great, but the remaining 1% is still a large number of apps getting through Google’s detection techniques.
And, remember, it’s not just apps you may have never heard of that can cause harm. Avast, Waze, Facebook, and WhatsApp have all had fake copycat apps uploaded onto the Google Play Store. And, as the results of downloading these imitation apps can vary from a nonstop bombardment of adverts to the theft of money and personal information, it really does pay to be extra vigilant.
How do I keep my Android safe?
Overall, the Google Play Store is the safest it has been since it was first launched. Google is working tirelessly to ensure that it has the best safety precautions in place so that it can fish out any apps that could cause harm to its users.
But there are also things that you, as an Android user, can do to help ensure you are protected.
- Make sure you have an anti-malware app installed on your phone.
- Ensure that your Android is running the latest software available.
- If an app doesn’t look right to you, don’t install it.
- Pay attention to the developer name when installing an app. Why would Facebook have an app developed by someone who was not called Facebook?
- When an app is installing, check its permissions. If an app wants permission to access your SMS, address book, phone or network connections, it’s either going to spam you with adverts or there may be a more sinister reason it wants access.
- Keep an eye out for the reviews. Generally, the more reviews the better. If there are only a few reviews and they are all 5-star, be wary as they could be phony.
Have you experienced a fake app? Tweet us @OntrackUS with your story.