The Android Risk | Smart Thinking Solutions

There are many posts on Smart Thinking highlighting malicious Android apps and I am constantly reminding you that if you have Android devices in your bring-your-own-device (BYOD) scheme then you need to take positive steps to manage them. Even if they are not your devices, they will have your information on them.

Here is an excellent article by Dan Goodin on Ars Technica that discusses the risks.

Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica

Overall, Android devices have earned a decidedly mixed reputation for security. While the OS itself and Google’s Pixels have stood up over the years against software exploits, the never-ending flow of malicious apps in Google Play and vulnerable devices from some third-party manufacturers have tarnished its image.
Dan Goodin, Ars Technica

The article includes evidence from Trend Micro, TechCrunch and Sophos that a range of low-cost Android devices are supplied with malware already installed and that it is nearly impossible for users to remove it! As many as 8.9 million phones across 50 brands were infected with Guerrilla malware.

This malware gets regular updates, whilst installed and steals information that the threat actors then sell onto advertisers. The malware also installs aggressive advertising platforms that can have an adverse effect battery life.

But Guerrilla does not stop at advertising, there are plenty of plugins available to add malicious functionality, such as hijacking WhatsApp, injecting ads into legitimate apps or installing any other malware the threat actor wants.

Have a read it will make you think about BYOD and Android devices.

This advice applies to Apple as well

And just before we go on – Apple devices also need the same management. May be not for the same reasons – their Walled Garden App Store does a pretty good job of stopping malware – but it is still your information on someone else’s device.

Do you want to know more?

Clive Catton MSc (Cyber Security) – by-line and other articles

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

This advice applies to Apple as well

Further Reading