Balancing Android Openness With Mobile Security
Test and Monitor | Posted August 04, 2015

As one of my favorite characters from the video game Deus Ex, Pritchard, would say, “You don't fix an entire firewall Jensen, you find the hole and you plug it.” The same can really be said about anything else in the world of technology. All software is doomed to be insecure in some capacity. This is why you’ll hear so much back-and-forth among software testers about never being able to find every bug, and therefore applications never being 100% defect-free.

Enter The Stagefright

The discovery of Stagefright has mobile users and security experts in an uproar. The rhetoric has scaled from the typical, “Why the heck isn’t there an update for this yet!?” to the more extreme, “I’m leaving Android for iOS. Enough is enough!”

As someone who doesn’t take software security for granted, I understand the fact that we will never be completely safe from these types of security exploits. iOS may in fact be safer, but to say that there aren’t exploits deeply embedded in iOS, yet to be discovered, is just crazy talk. I promise you there are and it’s just a matter of time until some mobile security firm finds them.

That being said, the problem with Android OS is obvious. It is very hard for Google and device manufacturers to stay on track with frequent updates due to the fragmentation of devices for Android. One update for Android has the potential to secure their most popular devices, but can still wreak havoc on several other devices that weren’t taken into account and tested for a given Android OS software release. On a few occasions, I’ve updated to a new version of Android OS, only to realize that some of the apps I frequently use would become broken. This would end with me rolling back. I understand the security risks in doing so, but I need my apps working dammit! (But seriously, this is how most mobile users think.)

Security Defects in the Shadows

What really makes this frightening is that security experts believe these vulnerabilities are already being exploited and hackers can do so without any user interaction. Android users now know that they are vulnerable, yet they are at the mercy of their phone manufacturer to implement the proper software updates to plug the holes. And as long as fragmentation is the main problem with Android, these security flaws will just continue to rear their ugly heads.

Higher Mobile Market Share Correlates To More Security Flaws

It is also important to point out that Android makes up a larger part of the mobile market than Apple, making security exploits, such as Stagefright, more lucrative.

“IDC's most recent data shows Apple increasing the number of iOS units shipped between 2015 and 2019 from 237 million to 274.5 million, but its market share will dip 2.2 percent to 14.2 percent. During the same period the number of smartphones using Android will hit 1.53 billion, up from 1.2 billion in 2015, but its market share will remain static at about 79 percent.” (Apple iOS And Google Android Smartphone Market Share Flattening: IDC, Doug Olenick, Forbes)

For a hacker, spending more time on exploiting the devices that make up the most market share is a no-brainer. With a combination of poor update policies and high market share for Android devices, Android OS will continue to be the target for hackers looking to steal the data stored on your mobile device. The same reasoning explains why Windows faces more scrutiny over security flaws than MacOS. Being easier to hack is just secondary.

Android users need to take a serious look at how they use their devices and decide whether or not the inherent security issues of using an open market OS such as Android outweigh the benefits of the openness of it all.

Protecting Yourself from Stagefright

There are ways to protect yourself from the exploits while you wait for the latest update, and they don’t require you to buy an iPhone 6. Zimperium, a leader in mobile security and the company that unveiled Stagefright, has posted some steps to protect your Android phone. The first is making sure you have the latest version of Android OS on your phone at all times, but if your device manufacturer has yet to release a new update, then go ahead and disable Auto-Fetching MMS in Google Hangouts.

For the latest updates on Stagefright and how to protect your device, check out this article by Zimperium.