Slashdot Mirror


Ask Slashdot: Android Security Practices?

Soft writes "Smartphone security recommendations seem to boil down to Windows-like practices: install an antivirus, run updates, and don't execute apps from untrusted sources. On my own computers, running Linux, I choose to only install (signed) packages from the distribution's or well-known repositories, or programs I can check and compile myself, or run them as a dedicated user — and I don't bother with an antivirus. What rules should I adopt on my soon-to-be-bought Android device? Can I use it purely with open-source apps and still make the most of it? Are Android's fine-grained permissions (accessing the network, contacts...) reliable? Can apps be trusted not to scan your files and keyboard for passwords and emails? What precautions do security-conscious Slashdotters take to keep control of their phones?"

26 of 173 comments

  1. Install a firewall by girlintraining · · Score: 4, Informative

    Install a firewall. Not to keep the hackers out, mind you, but to keep your data *in*. There are way too many apps that try to phone home or do things they don't need to ('live' wallpapers come to mind). Disable their network access. If an application requires network access, bring it home, set it up on your home wifi network, and run a sniffer to find out where the data goes. You don't need to know what the data is per se. Then, try blocking as much of it as you can until the application stops working. You've now found the minimum amount of access that app needs to function.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Install a firewall by mlts · · Score: 3, Informative

      More specifically, root your Android phone (no, it will not lessen security unless you are stupid and click "allow" on any app that pops up the su dialog unless you KNOW it needs the root permission.)

      Install DroidWall and allow it full su access. Then when you install a new app, make sure to allow it out, because by default, new apps are not allowed to phone anywhere. LVL is handled by another mechanism, so apps should know they are licensed even if you block them with DroidWall.

      After installing DroidWall, and selecting the apps you know that need to communicate, that will provide a decent measure of protection.

    2. Re:Install a firewall by improfane · · Score: 4, Insightful

      On a phone? Are you serious? Honestly I never thought you'd ever need a firewall on a phone. If we cannot trust the software running on our phones not to be able to do malicious things, something is seriously wrong with the software architecture on phones. I always thought that the Bitfrost security architecture from OLPC was a good idea. How come this style of capabilities is not in Android?

      Nokia 1661 and loving it baby. As far as I can tell, I can't put software on it!

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    3. Re:Install a firewall by i.r.id10t · · Score: 4, Insightful

      The problem isn't that it is a phone, but rather, it is a computer with phone functionality. Would you tote around a laptop w/ no firewall or AV?

      --
      Don't blame me, I voted for Kodos
    4. Re:Install a firewall by Jeremiah+Cornelius · · Score: 3, Insightful

      Agreed. When "signed apps" are little different than trojans to steal your PII and report on your activities, the definition of security moves away from one of "penetration and exploitation" towards "scope of trust and violation".

      As to the original article/posting, with its naive POV regarding security? What does your posture do for you, when exploitation and abuse are built into signed apps - or signed apps consume and interpret code from untrusted, arbitrary sources? Flash, Acrobat and any AJAX capable browser are all wide-open to abuse, on any given 0-day.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    5. Re:Install a firewall by improfane · · Score: 2, Interesting

      I think you're missing my point. It's a phone. You shouldn't have to install security software on something as trivial as a phone. Something is wrong with the API and security assumptions of the device that it is insecure by default, without security software.

      Now that the cat is out of the bag, we can never put it back in. App companies have gotten used to the APIs that give them amazingly intimate personal and marketing information. Apple and Google (an advertising company) have a vested interest in allowing companies to phone home with all your personal data. Expect to have phones and tablets that are insecure by default. We aren't going back. It's just going to be a repeat of the PC industry.

      It just sounds as ridiculous as installing security software on a walkie-talkie or a landline telephone. The API should not be able to access data that the app store has not agreed to. It should be shipped with a list of capabilities it expects to use. It really sounds like that software on Android just runs and does whatever it pleases. We're reactive rather than proactive again...

      I don't think it's an issue of running untrusted executable code, the code IS trusted but it's capable of doing things the phone should never have exposed to the application. I'd like to see security enforced for every execution of an application, so when you close an application, it gives you a list of the data the application tried to access. Rather than trying to ask the user each time to accept or decline, it should be configured BEFORE execution.

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    6. Re:Install a firewall by The+Dawn+Of+Time · · Score: 5, Insightful

      You're missing reality - it's not a phone, it's a computer with phone software. I know that's exactly what the post you replied to said, but apparently it went right over your head.

    7. Re:Install a firewall by improfane · · Score: 2

      I wish I could accept how easily you accept the status quo. One that only benefits big companies that harvest personal information from the clueless masses. Perfect security is impossible, I agree.

      I don't want a phone that is continually monitoring my whereabouts by default or can connect to the network at the same time as accessing my data.

      Should a phone be able to access my phone book AND the network at the same time?
      Should a phone be able to access files on the phone AND the network at the same time? What files can it access and why?

      I think these are reasonable precautions. The app developer should have to go through hurdles to accomplish these things. Perhaps enforce SSL by default when your software has the capability of reading phone book information = enforces your data security when transmitting it and the identity of the recipient.

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    8. Re:Install a firewall by improfane · · Score: 4, Insightful

      That's the potential to access. Not the actual access. That won't scare users enough.

      The software should display the data that would have been accessed with the widgets that are appropriate to the device, say a contact card or a filename and then threaten the user.

      Are you sure you want to send this information to somewebsite.com over an unscrambled channel to someone in China?

      • a list of your contacts as displayed in your contact list
      • a recent email of your naked wife (with picture rendered)
      • a map with lines between your last plotted geolocations
      • the following picture captured from your webcam

      It should be displayed like numerous bits of scrap data on the screen with a picture of a pipe and the pipe attached to a shady looking figure next to the planet earth on the other side of a cloud. The implication should be obvious.

      Would that scare you?

      --
      Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,
    9. Re:Install a firewall by TheCRAIGGERS · · Score: 2

      Install a firewall. Not to keep the hackers out, mind you, but to keep your data *in*. There are way too many apps that try to phone home or do things they don't need to ('live' wallpapers come to mind).

      Bah! Screw that. Maybe I'm too idealist, but if I'm looking at a wallpaper (for example) and the security permissions require net access, SD card access, and access to your bookmarks, I just don't install it. There are two main reasons for this:

      First and foremost, the app is obviously shady, if not outright malicious. I don't want it on my device at all.
      Secondly, and no offense here, but you are trusting a firewall / antivirus program to protect you from stupidity. There is no replacement for some common sense when it comes to installing programs on your computer. Most of us geeks here on /. already have a finely-tuned bullshit meter that can detect the majority of malicious software in the PC world before we run it. You need to enable that mental filter on your mobile device as well.

      Android gives you more information than we ever got on our PC. It's up to you to use it. Yes, I know that live wallpaper is oh so pretty, but resist the urge to install it when you see something fishy in the permission list and 99% of your security concerns disappear.

    10. Re:Install a firewall by girlintraining · · Score: 4, Insightful

      I think you're missing my point. It's a phone.

      They aren't missing it, they're ignoring it. What it is called isn't the issue, it's what it can do, and whether that is what the end-user wants (or not).

      --
      #fuckbeta #iamslashdot #dicemustdie
    11. Re:Install a firewall by rickb928 · · Score: 2

      Until recently, Apple users were quite proud of the relative lack of threats to their MacBooks. This past week seems to have wiped the smirk off their faces, but that will be short-lived. Apple will plug the holes and they will go back to bliss. Reactive again.

      And few Linux laptop toters bother with substantial AV. Of course, most Linux distros install a firewall, but it's relatively generic and minimal, and the users also seem ready to gloat about the seeming lack of threats. And they are not entirely incorrect in this, but that's more because the attackers seem to be avoiding DHCP blocks, in favor of named hosts, though that is not 100% and as Linux gains share in the home, they will happily follow these new users and take their machines for their own. Ah yes, security by limited market share.

      What I want for my Android phone is a firewall that denies apps access to SMS and phone, GPS, and camera, except by my permission, and then only when I want them to. I've uninstalled Stitcher because it ran a Bluetooth service. My podcast gizmo needed a Bluetooth service? I already got one of those. Suppose I'll get that firewall any time soon?

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    12. Re:Install a firewall by thePowerOfGrayskull · · Score: 2

      This. By default you are given generic information about the access an app will require before you install it. You must approve it in order to install it. You do not get any specific information about what the app will do with the info. Once you approve it you gain no further insight about what the access is used for or even when it's used.

      OP is missing the point with the firewall suggestion. It is not reasonable that someone should have to go to those lengths to secure a device, especially a modern device more or less built on top of the last 50 years of security lessons. That kind of security should be an integral part of the platform.

      I was really surprised that Android got this wrong

    13. Re:Install a firewall by alostpacket · · Score: 2

      It should be noted that one of the recommended ways for devs to employ LVL DRM is to offload the returned response to the dev's own trusted server. This would require internet access. This is done because LVL is trivial to break alone and trusting the client is always insecure.

      Anyways, not to sound too spammy or promotional, but for beginners to Android I've written a guide and app that they can use as a pocket reference for the permissions and something they can give to family/friends who might be less than tech savvy.

      The guide is posted here: How to be safe, avoid viruses, and find trusted apps -- A guide for those new to Android

      And the app is here: PocketPermissions

      *Please excuse some of the typos as I'm not the best writer/editor and am in the process of cleaning up the guides now. However it should be a good beginner's guide -- somewhere to start understanding permissions and security before jumping into rooting and ROMs

      --
      PocketPermissions Android Permission Guide
  2. A smart phone is just a computer. by Kenja · · Score: 3, Informative

    A smart phone is a computer like any other and should be treated as such. Trust mobile apps as much as you would trust desktop applications. Do not install unknown software from unfamiliar sources and in general be as vigilant as you are with your Windows, Linux, OS X system. If you are paranoid enough, there are firewall and app activity scanners out there. But perhaps you don't trust them either. In which case, write your own apps. It's not hard for even the inexperienced with the app-builder tools.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  3. Permissions aren't 'fine grained' by c0d3g33k · · Score: 3, Interesting

    The problem with Android is that the permissions aren't in fact "fine grained" (though they might seem so to the 'TL;DR' generation). They are relatively coarse-grained with respect to what modern applications might require. Any non-trivial app will require permissions from the available pool that can be abused by malicious developers. The user has to fall back on trust when installing any non-trivial app.

    Android needs something more like a sandbox environment for each application and a reasonable system where the user is asked for permission before accessing sensitive information.

    Android permissions == FAIL, at least from a personal privacy and security perspective.

    1. Re:Permissions aren't 'fine grained' by ShavedOrangutan · · Score: 3, Informative

      Every app requires full permissions, for no useful reason. Why a stopwatch wants access to my calls and read/write on the SD card, I don't know, and the choices are to either accept it or don't use the app. This is seriously broken. I don't even look in the Android Market anymore because it's just too much risk to install anything. It's actually worse than Windows, where at least I know where the software is coming from.

      --
      Godaddy is a scam and a ripoff.
    2. Re:Permissions aren't 'fine grained' by c0d3g33k · · Score: 2

      No. What I was saying is that Android permissions aren't all that fine-grained and are seriously broken if protecting the user is the goal. What I didn't say is that they should be redesigned if personal security and personal privacy are a priority. I'm saying that now.

      You, on the other hand seem to be implying that Blackberry is better for some unspecified reason. Since you obviously don't live in a Middle-eastern country where Blackberry caved and allowed personal communications of BB users to be monitored. So what was your point again?

      Security is only valid if it's completely in the hands of the users at the endpoints of the desired communication, not the middleman who is managing it all while saying "trust me - you're completely secure, honestly".

      To me, Android is much more secure than Blackberry, because at least I can root my android device and set up my own communications channel that has at least a chance of being secure. Don't really see that as an option for the dark fruit.

    3. Re:Permissions aren't 'fine grained' by Reapman · · Score: 3, Insightful

      EVERY App? I doubt this, in fact as an App Developer I know this isn't true. Adding permissions to your app is something you opt in - if a developer is so lazy he opts in every single permission then I wouldn't trust that app.

      I've decided against installing apps that require permissions I don't want, and have quite a few apps that I've trusted onto my phone.

      Google is providing you the ability to, at least, get an idea as to what you're getting into. Something like the iPhone doesn't give this, and I'm not sure if Blackberry does or not. Could it be improved? VERY. Is it better than nothing? VERY.

      How is this broken? Because an App Developer has some crazy permissions? I'd call that working - you know what it's asking for and you choose not to install it. How is it better than Windows? Do you know if your Windows Stop Watch app is talking to your Contacts stored in Outlook or Thunderbird?

    4. Re:Permissions aren't 'fine grained' by nabsltd · · Score: 4, Interesting

      Why a stopwatch wants access to my calls and read/write on the SD card, I don't know,

      Many apps that need access to "phone calls" are doing so to be good resource users, and to follow some Android UI conventions.

      Knowing if you are talking on the phone or not allows the app to change its behavior to not bother you, use less CPU cycles, etc. And, this sort of thing is why there are so many complaints about the overly-broad permission groups on Android...you can't know the "in-call state" without being given permission to "phone calls".

    5. Re:Permissions aren't 'fine grained' by AmbushBug · · Score: 2

      ...you can't know the "in-call state" without being given permission to "phone calls".

      I don't think this is true. The permissions for phone state are called "Read phone state and identity" and they don't allow you to make phone calls, as far as I know. That said, the internet access permission is too coarse - it's basically all or nothing. It would be nice if apps had to list the domains they are going to connect to or something...

  4. Lookout by Rary · · Score: 2

    At the very least, install Lookout.

    --

    "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

  5. Take these for what they are worth... by mlts · · Score: 4, Informative

    Take these for what they are worth, but here are my security practices:

    1: Install DroidWall and use that to lock down everything except the apps you do want going out.

    2: Use TouchDown or a discrete app for secure Exchange email. This allows you to keep contacts separate from the rest of the device, and the app can keep the contacts encrypted. If it is work E-mail, it is good to keep it separated anyway.

    3: Consider a PIN protecting app for #2 above, as well as your terminal, settings, and su app.

    4: Use Titanium Backup with the encryption feature and store on Dropbox. If you look at TB, you will find that the way it does encryption using RSA keys is pretty well designed, so storing backups of apps on DB can be done securely.

    5: Get a utility (I use WaveSecure out of habit, but there are others) that will lock the phone if the SIM card is changed, airplane mode is put on, and even allow one to remotely wipe the device and SD card. I'd like a utility that would give the ability to wipe the device and SD card if the phone has not seen Net access in "x" amount of time, similar to what BlackberryOS provides.

    6: Look at reviews before buying apps.

    7: Look at what the app asks for security permissions. If a notepad app wants access to your contacts, phone, SMS, or perhaps even pops up the su dialog, get rid of it ASAP.

    8: If you use nandroid, consider some type of file encryption. This sucks when restoring a ROM image, but there are ways around that (decrypting the image while the SD card is mounted via USB, using a temporary ROM image with no data for decrypting, etc.)

    9: Use AdBlock with Dolphin Browser. Ad rotation services are a noted source of malware.

    10: Use known ROMs. The ROM ecosystem has been astoundingly clean for now, but it is only a matter of time before blackhats start adding their own "functionality" and putting ROMs on xda-developers and other sites.

    11: Consider PIN protecting your SIM card. This way, when you do a remote erase, the thief might have a clean phone, but won't have free access to bandwidth, SMS, or calling capabilities.

    12: Consider a "stuffbak" sticker. If the phone is found, at least there is a small chance it might get back to you, as opposed to 0 chance without it.

    13: Keep backups. This way, if you do lose your phone, you can get another Android phone, fire up Titanium Backup, log onto DropBox, type in your decryption key, and restore your apps with their saved data.

    14: Bug Google for them to put volume encryption (LUKS) into Android, so it can be used on the SD cards.

  6. Not all devices come with Android Market by tepples · · Score: 2

    Check out the android market and do a few searches for what you need.

    Unless your device didn't come with Android Market. A lot of Android-powered devices, especially Wi-Fi-only devices, run the AOSP version of Android instead of the OHA version. AOSP Android-powered tablets tend to come with AppsLib, and the user can install the APKs for SlideME Application Manager and Amazon Appstore, but Google doesn't officially offer Android Market for download as an APK.

  7. Use common sense. by alt236_ftw · · Score: 2

    Use common sense:

    1. Don't root unless you REALLY need to.
    2. If you are rooted, don't give root rights to an application unless you know what it is supposed to do AND you trust it to do just that.
    3. Install a firewall.
    4. Don't install applications from vendors you don't trust, or know little about.
    5. Read the reviews of an application. See what people complain about.
    6. Don't install applications which ask for rights that make little sense in context (a calculator which asks for access to the network and contacts for example).
    7. If unsure about some permissions, check the developer's website to see if there is a good explanation. If not, contact the developer directly and ask.
    8. If you suddenly find an app for free which you thought it was pay-only, check to see if it is cloned. If so, don't install it as it might be tampered.
    9. Check if the developer of an application matches who you know it should be. If not don't install it as it might be tampered.
    10. Personally I don't install or use an application which handles credit-card or bank account information directly/indirectly. This includes Paypal/Amazon and eBay. The reason for that is that I don't know how the information is stored on the phone, how it is transferred to the servers or if the authentication system is broken and can be hijacked (like the problem Google had the other day). Unfortunately I'm stuck with Google checkout, but I use a secondary cash card.

    Steps 8 and 9 would have saved quite a few people from grief in the last malware outbreak.

    If you are so inclined (and rooted), you can also use AdFree to block ad and some malware sites. This will also cause developers to lose income though.

    The permission system works well but only if there is no root exploit involved. Once an app gets root rights it can do just about anything. For example, it can download a precompiled linux executable which will send all application info from your phone to a remote server. This will include contacts/application and preferences (point 10 above).

  8. Android Security Practices by privateerlabs · · Score: 5, Interesting

    1. Use caution when installing software! Remember that the Android market place does not vouch for the security/integrity of the apps. To my knowledge, minimal analysis is performed on apps, but nothing that provides any real security guarantee to the mobile user. There is no guarantee that the app you are installing is not malicious in nature, or chock full of software vulnerabilities. Many of the legitimate apps in the marketplace are rapidly developed by individuals with little or no secure coding background. Also I highly recommend you only install apps from publishers you trust and make sure you read the user comments. If the app has a few thousand reviews and rates at 4 stars this would often indicate added legitimacy.

    2. When installing apps be cautious of the permissions requested. The READ_PHONE_STATE permission permits access to sensitive device specific values that would normally be an invasion of privacy to supply. The problem arises when developers use a function called GetDeviceId() to get a unique ID for the mobile device that is later used for user account correlation on third-party services. The correct way to do this is to use Settings.Secure.ANDROID_ID. Google has a blog describing this issue in depth:
    http://ask.slashdot.org/story/11/05/20/188228/Ask-Slashdot-Android-Security-Practices
    Be very cautious with apps that ask to read/write SMS messages, read/write contacts, and place calls. Malware frequently uses these to pilfer unsuspecting users.

    3. Careful when jail breaking your phone. If you jailbreak your phone you are opening yourself up to more serious compromise. Ask yourself, if all you have to do is run "su" from a jail broken command shell, why can't a malicious app do the same and run as root? SuperUser.apk is a popular alternative to traditional dirty jail breaking. It attempts to guarantee that the user is active in the Android UI by prompting the user without a dialog asking if the privilege elevation should be allowed. Remember that you are allowing that particular app to escalate privilege from now on. If you allow "sh" to escalate to root then an app may be able to simply run the shell "sh" and then escalate from there.

    4. Firewalls are an option and will add another layer to the phone security, especially when connected to Wi-Fi access. Currently there aren't many remote attacks to listening services on the Android phone, but I wouldn't be surprised if we start seeing them with more frequency as more hackers start riding the wave.

    5. Disable services you are not currently using. For example; if you are not using Wi-Fi, then disable it until you need it. Same goes for Bluetooth.

    6. Remove unused apps. Many apps expose themselves to compromise by examining incoming text messages, integrating with mime/file types, etc. Go through your installed app lists and remove anything you don't use.

    7. Android security products are starting to appear on the market (shameless plug). Rather than blindly recommend ours I would rather recommend you search the Android Market for "security", "antivirus", "malware", and similar criteria. Read the reviews and find something that will scan your apps prior to install.

    -Riley Hassell
    CEO,Founder | Privateer Labs
    email: riley@privateerlabs.net
    Website: http://www.privateerlabs.net/
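
The permission review several commenters recommend (alt236_ftw's point 6, privateerlabs' point 2, and improfane's "phone book AND the network" question), as an added example that is not part of the original thread or any poster's code: a Python script that reads an app's requested permissions and reports which ones its purpose does not justify and which personal data it could also send over the network. It assumes the manifest has already been decoded to text XML (the copy inside an APK is binary XML); the sample manifests, package names, function names and the `expected` allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Real Android permission names, mapped to the kind of data they expose.
DATA_SOURCES = {
    P + "READ_CONTACTS": "contacts",
    P + "READ_SMS": "sms",
    P + "RECEIVE_SMS": "sms",
    P + "READ_PHONE_STATE": "device identifiers",
    P + "ACCESS_FINE_LOCATION": "location",
    P + "ACCESS_COARSE_LOCATION": "location",
    P + "CAMERA": "camera",
    P + "RECORD_AUDIO": "microphone",
}
COSTS_MONEY = {P + "SEND_SMS", P + "CALL_PHONE"}
NETWORK = P + "INTERNET"

# Constructed sample: a stopwatch asking for far more than a stopwatch needs.
STOPWATCH = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.stopwatch">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <application android:label="Stopwatch"/>
</manifest>"""

# Constructed sample: a notepad that only writes to storage.
NOTEPAD = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notepad">
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <application android:label="Notepad"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def audit(manifest_xml, expected=()):
    """Compare requested permissions with what the app's purpose justifies.

    expected: permissions the reviewer considers reasonable for this app.
    """
    requested = requested_permissions(manifest_xml)
    unexpected = sorted(requested - set(expected))
    # Data the app can both read and transmit, because it also holds INTERNET.
    readable = {DATA_SOURCES[p] for p in requested if p in DATA_SOURCES}
    can_leave_device = sorted(readable) if NETWORK in requested else []
    return {
        "unexpected": unexpected,
        "can_leave_device": can_leave_device,
        "costs_money": sorted(requested & COSTS_MONEY),
        "matches_purpose": not unexpected,
    }


if __name__ == "__main__":
    samples = [
        ("stopwatch", STOPWATCH, []),
        ("notepad", NOTEPAD, [P + "WRITE_EXTERNAL_STORAGE"]),
    ]
    for name, manifest, expected in samples:
        report = audit(manifest, expected)
        print(name, "OK" if report["matches_purpose"] else "REVIEW")
        for perm in report["unexpected"]:
            print("  unexpected:", perm)
        for kind in report["can_leave_device"]:
            print("  readable and network-reachable:", kind)
```
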