When we solve, we are referring to our own terminal. As we said our companion William in ALT1040, is the responsibility of manufacturers of the teams to develop and launch the appropriate updates to eliminate this operating system vulnerability. Google, on the other hand, it would have made the respective changes in its app store, but that is not where the problem lies. First, we will see what this is all about, then talk about the actions we can take to resolve the security vulnerability in Android and, incidentally, will also talk about best practices for downloading applications.
What is the vulnerability
I had not heard about security problems on Android brutal, but at the time, were commonplace. After some time off, Bluebox, a security company specializing in BYOD (Bring Your Own Device ) brings to the table this important discovery, revealed last night by the company’s CTO Jeff Forristal. This discovered vulnerability affects all Android devices from 1.6 , which translates into about 99 percent of active terminals.
To understand what this vulnerability, we must first talk about the digital signature serves to certify applications that we got. All Android applications, even those that we got from Google Play or those that come by default on your computer, whether they belong to the operating system or because they are included in the customization layer that puts the manufacturer, have a cryptographic key .
This key is a “key” that allows us, among other things, update from Google Play. Without this key, we could not do the update. Now this system should not bring problems to the table if it were not for this vulnerability. According to Bluebox, there is a way of getting into the “guts” of any application, and use it for whatever we want without having cryptographic key . This means that not only can change the apps that we got off of Google Play, but also can modify system applications, though we as users we realize.
In reality, what this means? Anyone who has noticed this vulnerability, and take, could have access to all the information that is stored within a smartphone . In fact, it could control the computer so that might even make calls, send text messages, emails, and take pictures activating the camera. As we can see, a serious problem.
Who is affectedWhen we say that 99 percent of the teams could be affected, this is not to say that right now, if you have a terminal with a recent version of Android there is someone somewhere in the world taking pictures with our camera. This vulnerability is not going to affect whether, for example, only got off Google Play applications. And, for the average user, is what usually happens: APK not lower the application because it is more convenient to download them from the PlayStation Store, unless an application is not available but you really want to use (eg Falcon Pro).
case apart is if we have a terminal with root permissions and ROMs modified . These are the users who are most at risk . Why? Precisely, the team have done root, most applications have access to the entire system as a normal user. On the other hand, the brand new Samsung Galaxy S4 owners need not worry, as the flagship of the Korean company addresses with TouchWiz customization layer security problem recently discovered Android. The rest of the terminal, however, they are at risk.
Firstprecautions
The first step to resolve the security vulnerability in Android’s look if we can do this, ie install applications that do not come from Google Play. In order to establish this, we can enter from the Settings the device, Security section . One of the options we will allow the installation of applications “unknown sources” , ie that do not come directly from Google Play. By default, we should have this option enabled, but it never hurts to review.
Second, should review the applications we have installed and the permissions that are used in our device. There are known cases of the applications that are abused, and we’re talking here of apps that until we got off of Google Play. If you do not use regularly, and we can think of a few seconds for what we will need in the near future, we should get rid of it. In any case, we can always re-download.
Securitywhen installing applications
few months ago, we present a guide with tips for safely install applications on Android . From Bluebox recommend us only install applications from Google Play or from sources that we know are entirely reliable, but it is a good time to remember some best practices for users of Android, to be followed not only to resolve the security vulnerability in Android but also to be able to stay calmer when downloading applications.
-
First, be advised that within the Security panel we find the possibility to block the installation of applications from unknown sources. We repeat to keep in mind. This can be checked from Settings> Security .
-
Google user community Play is huge and many of them tend to leave comments on applications to discuss their experiences. Before unburden an application, we should review these comments for what we are about to install, and what were the experiences of people with our same terminal or one in the same range.
-
Another option we have is review permits that we will ask the application once it is installed. In this case, we must check that permits are logical and are going too far. If we find some permissions “rare” to information they do not need, we should avoid downloading this app.
-
In this sense, it is also worth review other applications having the developer in Google Play , and review your comments. If we find anything suspicious, then we must find an alternative.
- Once installed
applications, we can keep track through Activity Monitor of the phone to see what applications are running in the background and why.
-
Finally, we use our intelligence, common sense , before downloading applications that can be a security risk. If we have any doubt, try to trust our instincts and avoid installation.
No comments:
Post a Comment