Recently I have come across a lot of noise around ‘Android being Unsafe’.
How is your data (passwords, photos, contacts, etc.) not safe?
An application on Android is generally independent of other apps, in the sense that it cannot read or write the files of other applications. But this holds only as long as no app has root access, a superuser with access to the complete file system. Did you know that applications like your email client and/or your browser store user passwords without any kind of encryption? Ever wondered how the app ‘True Caller’ has information on who is who? Because Android is open source and is the most popular, most used mobile platform, it is quite vulnerable to geeky malware attacks. Lately it has become as easy for an app to gain access to your data as installing it and clicking a button.
Explained in detail here with some recommendations: http://www.mobbeel.com/your-passwords-are-not-safe-in-android/
Recent articles by Wired and PCWorld claim the same! Both these articles refer to the same McAfee report, which of course could be a marketing gimmick to sell more AV products, for obvious reasons… Android has a 48% market share and is growing at a crazily high rate of 73% year on year.
Android lovers may counter-argue by saying security is more people-dependent than system-dependent: if you use your common sense while downloading and installing apps, you are absolutely safe. But can you really expect this common sense and/or know-how from every single person? Ideally yes, because I can't imagine anyone not being concerned about the security of his/her personal data. But traditionally there is a huge gap between the ideal and the practical world.
Keeping common sense aside, I decided to dig up more information on the security architecture Android offers. The sandbox environment in Android shields one app from gaining access to another and to sensitive OS features, and asks for permission for various data points: internet access, address book, files, etc. All of this sounds good, but the main problem with Android is that one cannot confine an Android app to accessing only a specific URL. Either there is full access to the internet or none at all. The same applies to other sensitive data points: contacts, SMSs, public folders in the file system, etc. So until we have an “access on demand” feature in Android plus further fine-grained security settings, this OS is not secure enough. As an open source platform it does have the possibility of achieving a more secure system, but open is open for all, even for bad geeks!
And I am not even talking about iOS or Windows here. So the game is on…
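The all-or-nothing permission model described above can be checked from an app's manifest. The following is an added example, not part of the original post: a small Python audit over a text-decoded AndroidManifest.xml that flags an app holding both unrestricted internet access and a coarse data permission. The sample manifest, the package name and the permission-to-data mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by AndroidManifest.xml (android:name etc.).
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Coarse, all-or-nothing permissions for the data points the post names,
# mapped to what they expose (mapping chosen for this example).
DATA_PERMS = {
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.READ_EXTERNAL_STORAGE": "shared storage files",
    "android.permission.WRITE_EXTERNAL_STORAGE": "shared storage files",
}
# INTERNET grants access to every host; it cannot be scoped to one URL.
NETWORK_PERM = "android.permission.INTERNET"

# Constructed sample manifest (not taken from a real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <application android:label="Flashlight"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml.strip())
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}


def audit(manifest_xml):
    """Flag the combination the post worries about: data access plus open network."""
    perms = requested_permissions(manifest_xml)
    exposed = sorted({DATA_PERMS[p] for p in perms if p in DATA_PERMS})
    has_net = NETWORK_PERM in perms
    return {
        "unrestricted_network": has_net,
        "data_exposed": exposed,
        "can_send_data_off_device": has_net and bool(exposed),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST))
```
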