How secure is Android? experts say the security of all mobile and desktop platforms
Study
Latest Android Application Researchrevealed that about 13 thousand of them allow themselves hidden behavior. These are secret codes and commands, all kinds of master passwords, access keys. To detect hidden behavior, scientists have developed a special tool called InputScope. This program analyzes the fields. In which the user drives passwords. More than 150 thousand applications have been investigated. Of these, 20 thousand were taken from third-party catalogs and stores, and another 30 thousand, which are most often put on Samsung brand smartphones
results
Experts said the results were alarming, there wereMore than 12.7 thousand applications have been identified that contain backdoors in their code in the form of secret keys for remote access and secret commands. Such hidden mechanisms are of little help to ordinary customers, but they will be used against them either by hackers or by unscrupulous developers themselves. And if an attacker gains physical access to a smartphone, he can easily launch any application with the highest privileges.
Of course, all these situations are purely hypothetical,but we cannot know when and what kind of breach will work after being discovered by hackers. The main thing is that such an opportunity exists. And there are also quite a few examples. When studying a number of applications not on the machine, but manually, one of the very popular applications (with ten million downloads) was found to have a master password that gives access to the device remotely, and access can be obtained even when the user remotely blocked his smartphone when he was left (there is such an official function).
In addition, a popular application was discovered.with five million downloads for the lock screen, with an access key that reset the passwords of any users to access the system. Another video streaming application (also with five million downloads) uses a passkey to enter administrator mode, in which an attacker can configure the smartphone as he wants. In addition, another application (a translator with a million downloads) uses a secret key to bypass the procedure for paying for additional functionality such as exemption from advertising.
Overall, the platform alone is enoughIt’s safe, but applications with backdoors do pose a threat to the user. The data stored in the smartphone may be discredited, access to accounts stolen and much more. But there are also many relatively harmless ones. For example, sections for debugging applications, small easter eggs or rare gray ads.
What to do
Researchers notified the developers of theseapplications indicating that latent behavior was discovered in them, as well as mechanisms. The backdoors are very similar in functionality. Of course. Few developers answered. Based on the results of the study, the user cannot be sure of the security of their data on the smartphone even if the applications are installed exclusively from official sources.