Google Play Store changes opens door to cybercrooks
Last week, Google upgraded the Android app section of its store and introduced a new way for users to manage permissions. Google claims it will be easier for users to understand and that users will pay more attention to app permissions. The new interface has a cleaner look and the common user can now install apps more quickly. But does this simplicity come with a price?
Android controls the security and the amount of access every app is granted by using “permissions". Each action has to ask the operating system for permission to take a new action. In older versions, when an app update asked for new actions or requested additional permissions, Google Play would notify the user prompting them to explicitly accept or deny the new action. Even if the user had automatic updates set, in the cases of new permissions being asked, the user would need to manually perform the update. Even if the user wasn’t exactly sure what they were giving permission for, at least the user was aware and could make the decision themselves. Security was preserved.
Everything changed last week.
Individual permissions, which could range from important to trivial, are now joined into 13 groups, including a catch-all called “Other”. Now the user has to accept a “new group” change. This means that if you have already allowed certain permissions within a group, then any other permission within that group will automatically be allowed. For example, an app that could access your calendar can now also read your contacts. If you set a meeting and have invited people by email, the app will be able to use the calendar to send emails to them, even without your consent!
Another example: You install an app with reasonable permissions and it becomes part of your regular Android usage. Then an update is released by that app, and it starts to monitor your browsing habits (one of those “Other” permissions.) Now the app has become rogue and can track you via GPS, access your SMS content, and, of course, your personal data such as documents, photos, music, videos. Cybercrooks could use this as scareware to frighten you by letting you know that they know your location, browsing history, or even contact you by SMS and threatening you. Ransomware could even lock your phone and demand money from you to unlock it.
This “Other” group is cause for concern. Access to the internet belongs under the “Other” group; the reasoning being that most apps need internet access in order to work and you don’t need to know that. Aren’t you worried about that?
Google Play is still more secure when it comes to malware than 3rd party stores, but with this change, you to should be aware of how you can control your privacy. Here are three features in avast! Mobile Security that can help:
Privacy scanning checks all your apps and their major permissions. If you discover an app that’s “permission hungry”, you can uninstall it or in some devices block the access to certain areas, for instance your contacts or your location.
Another AVAST feature is Firewall. With Firewall you can block apps from connecting to the Internet, which prevents them from communicating with servers that may try to collect your personal data for malicious purposes. Firewall gives you two options: To blacklist apps or to whitelist them all. Blacklisting allows you to choose specific apps to block from the internet/data connection. Whitelisting is more radical than blacklisting. With whitelisting you have to specifically grant apps permission to use the internet, access data or your roaming connection. To use Firewall, you need root access to your phone or tablet.
The third “old” but completely effective feature is Antivirus. Mobile malware has grown and expanded in the last two years and is showing no signs of slowing down. AVAST's ability to detect and block spyware and ransomware provides you with a highly effective layer of defense.
Remember to use common sense and think twice about an app’s features and then decide which permissions it should have.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
The Avast Threat Intelligence Team explains Ghost Push and how you can protect yourself.
We take a look at which apps kill your smartphone's battery, fill up its storage to the brim, and hit your monthly data plan hard.