Breaking News

Friday, March 28, 2014

How much SECURE is your android phone?

Do you know one of the most important reason for android's success?

It is it's open source, but does it takes care of SECURITY of the user data ? Lets have a look!

In an android phone, any application which has access to memory card can access any folder on the memory card. So you must be thinking what's wrong with that?

Let me explain with you an example

1. Suppose you have Whatsapp installed on your phone. Whatsapp takes backup of all the chat conversations and it is stored as suppose /sdcard/whatsapp/Database

2. Now one fine day you install any application. I am not taking any specific applications name, but let us suppose you download a TO-DO application which can help you to remind you your tasks on time. This applications save its application related data on say /sdcard/todoapp

3. In all other operating system of mobile phone like iOS & Windows Phone, One application cannot access other applications folder. In our case if it would have been iOS & Windows Phone Then Whatsapp cannot access any files/folders of  /sdcard/todoapp & Similarly TO-DO application cannot access any files and folders of /sdcard/whatsapp. But in Android it is possible, Whatsapp can access TO-DO's data folders and vice versa.

4. So generalizing this any application can access any other application's data folder! So what is the SECURITY RISK in this?

5. Using this loop hole/ Security lapse of android any android developer can develop a application which can do two task.

        - Primary task of the application will be to just show you the UI where user feels it's just a TO-DO list application.

        - Secondary task will be to upload all the database files of /sdcard/whatsapp to any personal server.

Interested in 50 Incredible Android Hacks? Have a look at this article.

6. Yes you heard it right, all the images, database i.e your personal chat conversation's can be easily uploaded to a third party / Hacker / Intruders website via such application without your knowledge!

7. Now you must be thinking whats the big deal if the hackers uploads all the conversations, it is totally secured & encrypted. So it will be of no use to him

        - First thing is that even though your conversations are encrypted, It can be easily decrypted. Since i have taken example of whatsapp, here is the procedure to easily decrypt whatsapp conversations!

       - Second thing is that i am not only talking about Whatsapp or any specific applications. There will be lot of personal information stored on phone, Messages from Bank, Contact Information, Bank Information, Personal Images/Photos, Videos and lot many never ending stuffs which you will never want it to be shared with any one.

So what do you think, Android which is a product of search giant Google is unaware of this security flaw? Is google OK with such security lapse under the guise of giving freedom and not restricting access to other folder as other mobile OS's have???

The Answer to this Question is NO! Google though lately but has now really felt the importance of such security and thus in their latest update of Android 4.4 which is also know as Kit-Kat, they have tried to impose (I am using the word impose, because without information developers Google has brought this update thus making thousands of application on play store not functioning properly. Click here to know more about the problems being faced by the developers) the application security by partially implementing the app restrictions on folder access.

Want to know more about what security features have been updated related to application folder access in the latest Android 4.4 - Kit-Kat, Click here 

No comments:

Post a Comment

Designed By