Most Android users brush off the malware problem or are just unaware that such a problem exists in the first place. News Flash: Google Play store is teaming with security flaws. There are malicious traits of apps discovered every day. However, supporters of Google play will point out that malware is more likely in third party software than Google. The assault of malware has significantly increased with a change in the latest app permission. Novice developers are opening doors for malware unknowingly.
Google App store has a security hole
Two researchers from Columbia Engineering point out that there is a more serious flaw in the Google App store besides what is known. These two researchers have inspected Google Play security with a tool designed to circumvent all the known Google security measures in order to recover and download from Google Play Apps source. They were successful in downloading over 1.1 million Android apps and decompile an estimated 880,000 non-paid apps. From the study, the researchers concluded that the developers often lock up privy keys in the software of the app which includes information of password and username for Amazon, Facebook, and other social networking sites. Data, when extracted from these channels, can leave the user exposed and vulnerable to attacks even after deleting that app.
Last year, there was an astonishing 523 flaws reported for Android, the highest number across all operating systems. Following Android was Debian Linux at 327 vulnerabilities.
In contradiction, over the entire span of MAC OS being in the market, the number stands low at 1,670 flaws.
As a corrective measure, Google has launched an App Security Program (ASI). In less than 6 months, the ASI has guided over 90,000 developers to identify potential security issues in the pool of Android applications. Currently, Google has shortlisted 26 threats which every developer must identify and fix in applications. The ASI program also sends out an immediate notification to the developer when a flaw is detected.
Nothing is as secure as VPN
Think of VPN as the walls of Troy for Internet and malware security. The security model provided by VPN covers confidentiality (even when the network traffic is at the packet level, the attacker will see only encrypted data), message integrity (maintained in the face of data tampering), and sender authentication (in order to refrain unauthorized access to the VPN).