Security Experts:

Connect with us

Hi, what are you looking for?


Mobile & Wireless

Mitigating Digital Risk from the Android PC in Your Pocket

Security Teams Must Prioritize Risk Mitigation Against Android Malware

Security Teams Must Prioritize Risk Mitigation Against Android Malware

Few of us could have imagined that a device that allows us to talk to anyone from anywhere at any time would morph, in just a few years, into many users’ computing device of choice. The latest numbers from StatCounter reveal that mobile devices are outpacing desktops and are the preferred method for accessing the Internet. The most popular operating system worldwide? Android.

Threat actors watch these trends too. They’re opportunistic and will focus their efforts where they believe their success rate will be the highest. So naturally, many are targeting Android devices and taking advantage of malware to launch attacks. 

As an open-source tool, Android provides the benefits of collaborative applications (apps) and innovation; however, its accessibility inherently exposes it to exploitation by malicious actors. In the past year, while some users fell victim to targeted social engineering campaigns that infect their devices, most malware was embedded in malicious apps users inadvertently downloaded from official and unofficial sources. With the greatest number of users, Android’s official app store Google Play has been the largest single source of infection. However, most of the sources of infection were other third-party stores. 

Android Mobile SecurityUsers are duped by apps that pose as legitimate resources or services, or that are advertised fraudulently by displaying branding associated with credible organizations. Apps have been found that impersonate Uber, any number of financial institutions, gaming apps and perhaps most galling, security apps. Mobile malware is generally delivered and deployed via a multi-step process requiring some user interaction. This presents threat actors with many opportunities to infiltrate a device. For example, once installed, many malicious apps request users to approve unnecessary privileges, such as administration access, to execute processes. Overlays (superimposing phishing screens on a legitimate app) are also used to prompt users to provide sensitive information, such as credentials or financial data. 

So, what’s the ultimate endgame for cyber criminals? The most prevalent objective is espionage – gathering information through profiling device data or recording phone calls and messages. Mobile banking malware, such as Marcher and BankBot, uses sophisticated techniques to harvest user banking data, including overlays specific to target banks, and intercepts SMS messages to obtain multi-factor authentication codes. Recently, mobile devices have also been targeted for cryptocurrency mining. While less powerful than desktops and servers used for this purpose, more Android devices exist, and they are often less protected and, thus, more easily accessible. You can expect this objective to continue to grow as smartphones become more powerful.

Security teams must now prioritize risk mitigation against Android mobile device malware. But after surveying more than 3,600 security professionals across 26 countries, the Cisco 2018 Security Capabilities Benchmark Study found that mobile devices are the most challenging areas and functions to defend. Implementing the following 10 practices will help: 

1. Use the official Google Play store and only download Play Protect-verified apps and those from legitimate companies. 

2. Only enable limited permissions for downloaded apps. 

3. For business devices, use mobile device management solutions to give IT security staff control to set access permissions and restrictions.

4. Do not root business devices; rooting allows root access to the Android operating system code and preventing it discourages unauthorized administration privilege access. 

5. Deploy endpoint antivirus solutions on individual devices. 

6. Ensure that mobile device operating systems are up to date.

7. Use runtime application self-protection (RASP) to prevent overlay attacks by detecting and blocking malicious activity in real time. 

8. For BYOD enterprises, establish user policies that forbid connection of employee-controlled devices to corporate infrastructure. 

9. Educate employees on threats associated with SMS phishing and mobile device browsing. 

10. Monitor mobile applications, not just third-party apps but internal company mobile apps that may have been modified by a third party. 

Android devices, and smartphones in general, will continue to be attractive targets for cybercriminals, particularly as these devices become more powerful, offer longer battery life and plug into keyboards and other peripherals to easily serve as a user’s computer. But with a multilayered approach to security that includes best practices and a defense-in-depth strategy, security teams can overcome many of the challenges they face when mitigating risk from the PC we carry in our pockets.

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...