Secure Phones

Posted by Team Copperhead on October 18, 2021

Is Your Device Protected? How to Secure Your Phone From Hackers.

Android’s security is often a popular topic. With over 2 billion devices running Android it has become the most popular mobile operating system, and a target that large brings the attention of malicious actors. That being said, the proliferation of Android devices is built upon the diverse nature of the Android ecosystem. As we have discussed in previous blog posts, not all Androids are created equally. Many Android devices still in use are no longer supported by their Original Equipment Manufacturer (OEM), making these devices update zombies: juicy targets for attackers to take advantage of. Over the course of time, Android has developed a secure operating system to counter this, and it is important to understand the ways you may threaten the security of your device, as well as strengthen it.

Android versus iPhone

There are many varying opinions on the integrity of Android’s security, especially in comparison to its largest competitor, Apple. The common misconception between Apple and Android is that Apple phones are more secure. While Apple builds devices that can be difficult to attack, the user system is also harder to protect. Last year we wrote about how Android's security is accelerating by including user protections originally implemented for CopperheadOS. With Android devices, you can lock your phone down relatively easily with adjustable privacy settings. More importantly, the diverse ecosystem of hardware manufacturers, software vendors and open-source projects all compete with each other and Apple, helping to secure user information and maintain data privacy.

The distinctions between these competitors come down to the freedom and responsibility that they give to their users. Apple users will rely on Apple to keep their device safe and secure. While the Android community puts extensive work into building a safe and secure operating system, they also give their users more freedom to manipulate these protections. This leaves more opportunity for the user to either protect or expose their device. With this freedom comes the responsibility to take the necessary steps to protect your device from third-party attackers.

Can Android get hacked?

Yes, Android can get hacked. The most common methods of hacking Android are malicious applications and outdated OS installs. That is why it is important to run a Secure Android variant and keep your OS updated for the device lifespan.

Secure Android Phones

Throughout this blog we will refer to ways all Android users can improve their security & habits, as well as ways CopperheadOS can contribute to security and resiliency.

  • Keep your Android device up to date. Malware developers target old versions of Android!

  • Upgrade your device when the manufacturer no longer supports their hardware.

  • Make use of security features such as Passphrase locks.

  • Be very certain you want to give Apps the permissions they request.

  • Migrate to a secure Android OS such as CopperheadOS.

    • Hardened memory & kernel contribute greatly to resiliency.
    • Improved sandboxing keeps data compartmentalized.
    • Trusted by agencies and organizations for over 6 years

Android Security Threats

As an Android user it is important to understand the different security settings in order to secure your Android phone and be sure that you are not leaving yourself vulnerable to security threats. Armed with these strong security habits and a CopperheadOS Pixel device, you're ready to face the modern security threatscape.

Is it safe to root your phone?

Rooting your Android involves taking complete control of the operating system, giving you full access to the system directory and how your device operates. While rooting your smartphone unlocks endless possibilities to customize your device, it also unlocks the ability to make changes to your operating system which are usually prevented otherwise.

There are many capabilities that come along with rooting your smartphone that can add to the customization and control of your device, but if not approached in the correct way, it can threaten the safety of your smartphone.

By rooting your Android device, you have the ability to install applications which can then take advantage of the relaxed security to provide some extended function or service not otherwise possible. This poses a serious threat to your device and data. Apps on Google Play are forbidden from using features which rely on root access. Rooting allows you and the Apps you install to bypass critical security restrictions and install potentially malicious applications.

Rooting can be dangerous to your device; however, custom OSs like CopperheadOS are tailored operating systems professionally developed to deliver advantages to your device. The Pixel family of devices was designed with "rooting" in mind, allowing users and developers to unlock and relock the bootloader easily, even in the case of custom OSs. Be aware of Apps which ask you to root your device or demand that the bootloader remain unlocked to function. Without meticulous care any convenience provided can be used against you.

Malicious Google Play Apps

While applications on the Google Play Store are controlled, it is still possible for malware to slip through. Malware is a broad category of code which is intended to cause undesired effects to an operating system. These apps aim to infect and spread, jeopardizing the security of your smartphone, your personal data and potentially causing damage to your system software.

Leaked Information from Applications

Many applications collect some form of information about you from your device, whether that be location, email records, names, addresses or other data. Often this is metadata, which is information about the information on your smartphone. The unfortunate thing is that not all companies are ethical or responsible in what they do with that information or how they protect it.

This is a known problem in the application industry, and it is something that violates the users' data privacy. In a study done by Check Point Research, an investigation into only 23 apps on the Android Google Play Store found that the personal data of over 100 million users had been exposed. In some cases, this data is sold by these companies to third-party companies. They found that a majority of these leaks were linked to the misuse of cloud services and the bad practices of developers who do not value the protection of the information they collect.

This details why it is important to understand and control the permissions that each of your applications have.

Ransomware Threats

Ransomware is becoming more common amongst cybercriminals. This type of attack involves accessing and locking out devices and data, demanding payment to restore access. In 2020 an Android ransomware known as ScarePackage hit 90 000 smartphones in just 30 days. This ransomware made the victim's smartphone inoperable and attempted to extort the victim with a message declaring that they are a criminal under investigation by the FBI and will need to send hundreds of dollars to have their device unlocked.

Using 2 Factor Authentication and being aware of the applications which you download and the access they request is an important part of controlling these threats.

Android Phone Security Settings

Android has a number of impactful security settings that can be activated to protect your device. While some of these are initiated as default settings on the device there are others that take a little more effort but are worth it for the extra security strength. The best practice would be to upgrade your smart phone to the newest CopperheadOS Pixel available.

Enable Auto Updates for Security Policies

Making sure that your phone is always updated with the latest security software is important to protecting your device and personal data. By enabling automatic updates, you don’t have to worry about checking for the release of new security patches. Android can keep itself up-to-date, and the latest versions of security and system patches are the best defense against malware.

To turn on automatic updates for your security policies:

Head to your System Settings -> Select Lock screen and Security -> Head to Other Security Settings -> Tap Security Policy Updates -> Turn on Automatic Updates
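For anyone checking more than one phone, the patch-level advice here and the bootloader advice in the rooting section can be verified from `adb shell getprop` output. The following is an added example, not CopperheadOS code; the 90-day threshold and the sample property dumps are assumptions constructed for illustration.

```python
import re
from datetime import date

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")

def parse_getprop(text):
    """Parse `[name]: [value]` lines as printed by `adb shell getprop`."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def posture_findings(props, today, max_patch_age_days=90):
    """List posture problems; the 90-day threshold is an assumed policy."""
    findings = []
    patch = props.get("ro.build.version.security_patch")
    if not patch:
        findings.append("security patch level not reported")
    else:
        age = (today - date.fromisoformat(patch)).days
        if age > max_patch_age_days:
            findings.append(f"security patch {patch} is {age} days old")
    # Lock-state properties as exposed on Pixel-class devices (assumption).
    if props.get("ro.boot.flash.locked") != "1":
        findings.append("bootloader is not locked")
    # green = OEM key, yellow = locked with a user-set key (relocked custom OS).
    state = props.get("ro.boot.verifiedbootstate", "unknown")
    if state not in ("green", "yellow"):
        findings.append(f"verified boot state is {state}")
    return findings

# Constructed getprop excerpts: an unlocked stale device and a relocked current one.
STALE = """\
[ro.build.version.security_patch]: [2020-03-05]
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
"""
CURRENT = """\
[ro.build.version.security_patch]: [2021-10-05]
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [yellow]
"""

if __name__ == "__main__":
    today = date(2021, 10, 18)  # fixed date so the output is reproducible
    for name, dump in (("stale", STALE), ("current", CURRENT)):
        print(name, posture_findings(parse_getprop(dump), today))
```
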

Screen Lock

Setting up a Screen Lock for your device is a critical first step for many when getting a new device. Nonetheless, if you don’t have one, get on it! If your device is lost or stolen the last thing you want is a stranger having access to all of your personal information. Also, consider changing your lock screen notification settings to avoid visible content while the device is still locked. Avoid extra setup with CopperheadOS, featuring privacy enhancing defaults.

An additional feature of the Android screen lock is the Smart Lock option. The idea behind Smart Lock is to unlock your device while in a familiar location, on your person or around familiar devices. There are three options for Smart Lock: On-body detection, Trusted places and Trusted devices.

Note: Smart Lock features should always be used in well considered situations. On-body detection cannot identify you from another person, so if someone takes your device while it is unlocked it will remain unlocked while on their person. Trusted places and devices can leave you vulnerable should associated networks or devices become compromised themselves. Likewise, leaving your phone at your desk at work might leave your device and workstation both vulnerable.

Find My Device

The application Find My Device gives you the ability to track your phone in the event it is lost or stolen.

Install Find My Device app: Head to your System Settings -> Select Biometrics and Security -> Tap Find My Device and Toggle On.

Note: Your location permissions must be enabled for this application.

Manage App Permissions

Understanding the permissions which apps on your device request is a great first step in securing the privacy of your information. By default, Android apps are not able to access your personal data unless you intentionally or unintentionally give each app permission to do so. In many cases it is easy to overlook these permission requests, which is why it is a good practice to regularly check these settings.

Head to your System Settings -> Select the Privacy section of the settings -> Find the Permission Manager

From here you can select a variety of different permissions (Contacts, Phone, Location, Camera etc.) and see what applications have access to each. You can also select one app at a time and see what permissions they have.

By selecting the app you can choose the level of access each app has for the given permission.

CopperheadOS features a permissions hub which gives you a quick reference at a glance for which permissions are being requested, and which apps are using which permissions.
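The same per-permission view can be rebuilt from a saved `adb shell dumpsys package` dump, which helps when reviewing several devices. This is an added example, not part of the original post or of CopperheadOS; the package names and the sample dump are constructed, and the permission-to-group table is a small illustrative subset.

```python
import re
from collections import defaultdict

# Runtime permissions mapped to Permission Manager style groups (subset).
GROUPS = {
    "android.permission.READ_CONTACTS": "Contacts",
    "android.permission.READ_PHONE_STATE": "Phone",
    "android.permission.ACCESS_FINE_LOCATION": "Location",
    "android.permission.CAMERA": "Camera",
}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(\S+): granted=(true|false)")

def granted_by_group(dumpsys_text):
    """Return {group: sorted package names} for granted runtime permissions."""
    result = defaultdict(set)
    package, in_runtime = None, False
    for line in dumpsys_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            package, in_runtime = pkg.group(1), False
        elif line.strip() == "runtime permissions:":
            in_runtime = True
        elif in_runtime and (perm := PERM_RE.match(line)):
            if perm.group(2) == "true" and perm.group(1) in GROUPS:
                result[GROUPS[perm.group(1)]].add(package)
        else:
            in_runtime = False  # any other line closes the section
    return {group: sorted(pkgs) for group, pkgs in result.items()}

# Constructed sample in the shape of `adb shell dumpsys package` output.
SAMPLE = """\
  Package [com.example.flashlight] (1a2b3c):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true
      runtime permissions:
        android.permission.CAMERA: granted=true, flags=[ USER_SET]
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
        android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET]
  Package [com.example.maps] (4d5e6f):
    User 0: installed=true
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
"""

if __name__ == "__main__":
    for group, pkgs in sorted(granted_by_group(SAMPLE).items()):
        print(f"{group}: {', '.join(pkgs)}")
```

A flashlight app appearing under Location is the kind of mismatch between purpose and permission that the regular review described above is meant to catch.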

Enable Safe Browsing

Google Chrome’s Safe Browsing is a default for the Android version of the Chrome browser. Safe Browsing alerts you whenever you try to access a potentially threatening site. There is also a more secure version called Enhanced Safe Browsing which you must activate yourself. These settings are in place to ensure secure browsing on Android devices, protecting users from potentially malicious websites and downloads on their smart phones.

To ensure that Safe Browsing is enabled on your Google Chrome or CopperheadOS Chromium browser:

Open Google Chrome on your Android device -> Find More Settings at the top right -> Select Privacy and Security -> Safe Browsing & choose the level of Safe Browsing.

Google Play Protect

Google Play Protect is enabled by default on your Android smartphone. This feature is a malware scanner that continuously monitors every app that has been installed on your device. This also applies to any app which you are about to install, ensuring that no malicious software is being downloaded to your Android device.

To confirm that Google Play Protect is enabled and view a report of your system's applications:

  • Head to your System Settings -> Select Biometrics and Security -> From Security -> Select Google Play Protect.

CopperheadOS users can take advantage of the Google Play Store as a trustworthy place to obtain the Android apps they depend on through Aurora Store. The Aurora Store app is an open source front-end for the Google Play Store.

Secure Android OS

One of the greatest advantages of Android is its open source capabilities, allowing developers to take the code and build their own operating system with different features and advantages. By installing a custom OS, you are basically replacing your Android’s operating system with a new version.

Installing a custom OS may be your best option when considering the most effective way to protect your device from the many ongoing mobile security threats today. These operating systems can provide better privacy, security and overall performance of your device.

Can a custom ROM steal data?

Custom ROMs that are not well-established and run by anonymous authors can steal your data and take control over your device. It is important to run custom ROMs from projects and companies that are public and well-established. Caution is advised if a custom ROM requires rooting your device, if the entire project is run by anonymous authors or if the ROM project does not have a verifiable identity -- a website, a contact address, and articles written by established journalists.

CopperheadOS as a Secure Android

CopperheadOS is a secure and privacy-focused OS that is designed to reinforce your phone’s privacy and security features. Our operating system prides itself on the anonymity of its users with a number of attributes protecting local data information, masking data from unauthorized access, and driving a higher level of security against hackers.

Some of the key features of CopperheadOS include:

  • Geolocation protection
  • Data protection
  • Hardened kernel
  • Fortified sandboxing
  • Disabled analytics and permissions
  • VPN support
  • SELinux policies
  • Hardened allocator
  • Secure memory management