Android devices are under constant threat from various types of malware that exploit vulnerabilities in the OS, and as soon as Google fixes one problem, another threat comes along.
Android admins should keep up with the most recent Android security threats so their organization can quickly push out security patches and ensure its users and data are secure.
Recent major Android security threats
In October 2019, Symantec reported on the Xhelper malware, a malicious app that can hide from users, download other malicious apps and reinstall itself after the user removes it. By the time the report was published, the app had infected more than 45,000 devices over a six-month period.
In December 2019, Promon security researchers verified the existence of an Android vulnerability dubbed StrandHogg, which made it possible for malware to pose as a legitimate app. Under the guise of a trusted and familiar Android app, hackers can eavesdrop, take photos, record phone calls, access private data and carry out other malicious acts.
Not long after, Trend Micro identified three malicious apps in the Google Play Store, which is typically a safe place to download mobile apps. One of those apps, Camero, exploits a vulnerability in Android's main interprocess communication (IPC) system, making it possible to elevate an application's privilege to the Linux kernel without requiring user or admin approval.
In early January 2020, Google published details about a critical security vulnerability in the Android media framework. This Android security threat makes it possible for a remote attacker to execute arbitrary code within the context of a privileged process.
These are just a sampling of the ongoing Android security threats, and not all of these threats are particularly new. Unfortunately, Android admins can't always address threats by issuing security updates.
In May 2018, for example, Avast Threat Labs found adware preinstalled on several hundred Android devices. While these devices weren't certified by Google, organizations should be on the lookout for this type of preexisting adware.
Google's distribution method for the Android OS also contributes to the security issues it faces. Not all Android devices are sold with the latest OS version or updates, and not all mobile device OEMs apply security patches in a timely manner. This can leave Android device owners and IT administrators to fend for themselves. Google has gotten more insistent that vendors keep devices up to date, but there are still enough holes in the OS to leave many devices vulnerable.
What can IT do to keep track of the latest threats?
Organizations that want to stay on top of possible vulnerabilities can refer to the National Vulnerability Database, a comprehensive online resource provided by the National Institute of Standards and Technology (NIST). The database is continuously updated with details about current Android security threats, among other notable vulnerabilities. According to the database, 18 vulnerabilities were discovered in the Android OS between Dec. 15, 2019 and Jan. 15, 2020. IT departments can review these threats and determine the best approach to secure their Android fleet.
Organizations can also refer to Google's own security-related resources for information on Android security threats. Google offers security bulletins, reports and whitepapers, all of which can be found on Android's security hub. The security hub also provides best practices and strategies to help organizations better protect the OS, apps, hardware, network and user privacy. For enterprise organizations trying to protect their Android devices, the security hub's best practices tab is a good place to start.
Another good resource for protecting Android devices is Google Play Protect, which provides information for developers, OEMs and users to help them understand how Google Play Protect secures Android devices. It also highlights what future steps Google is taking to safeguard the Google Play platform.