Security Aspects to Consider while Developing Android Apps
According to a press release by the global research and consulting firm Strategy Analytics, “Android’s domination of global smartphone shipments remained strong in Q3 2016, with a record 88 percent of all smartphones now running Google’s OS. Android’s gain came at the expense of every major rival platform. Apple iOS lost ground to Android and dipped to 12 percent share worldwide in Q3 2016, due to a lackluster performance in China and Africa.” The massive popularity and huge worldwide market share of Google’s mobile operating system make Android devices and apps more vulnerable to targeted security attacks.
A number of studies have shown that over 80% of Android devices are prone to cyber attacks. Its open source nature further makes Android prone to new bugs and malware attacks on a regular basis. The security vulnerabilities dissuade many users from sharing their personal information, and indulging in mobile commerce transactions and in-app purchases. Hence, the developers have to include robust security features in Android apps to make them popular and profitable. At the same time, they also need to keep in mind a number of important security issues while developing a new Android app.
Identifying 7 Important Security Issues in Android App Development
1) Openness and Customizable
Unlike iOS, Android is open source. Google allows hardware manufacturers to customize its mobile operating system according to their specific needs. So many manufacturers make changes to the original features and functionality of Android to make their devices different. Sometimes changes made by hardware manufacturers result in security loopholes, and make the mobile platform more vulnerable to malware attacks.
2) Device Fragmentation
Often device manufacturers customize Android to make their devices different. But the changes made to the mobile operating system differ from one hardware manufacturer to another. Some manufacturers even try to enhance the performance of their devices by adding custom layers or launchers to Android. Hence, security of individual Android devices differs. Sometimes the changes made by the manufacturer to the core mobile operating system affect the security of devices shipped by the company exclusively.
3) Discovered Security Flaws
Android has been attacked cyber criminals continuously with new malware and malicious software. Many companies have identified a number of major security flaws — Andr/DrSheep-A, vAndr/Generic-S, Andr/BatterD-A and Andr/PJApps-C — in Android since its inception. Often the users fail to identify the presence of the malware and malicious software on their Android devices. But each security flaw affected the security of millions of Android devices at once, and made the personal information of users accessible to cyber criminals. Hence, each Android app must include features to keep sensitive user data secure and inaccessible.
4) Lack of Security Updates
Apple can easily eliminate the security loopholes in its operating system by updating all mobile devices with a new version of iOS. But many studies have indicated that a large percentage of Android devices do not receive security updates. Google releases security updated promptly each time a new security flaw is detected by users. But the company cannot ensure that each device receives the latest security updates as it does not have full control over the devices.
5) Presence of Malicious Apps in Play Store
A number of reports have highlighted the presence of several malicious apps in Google Play Store. Google also does not have an effective policy to identify and remove the malicious apps from its app store immediately. Each year Google removes several malicious applications from Play Store. For instance, the company removed 100 malicious apps from Play Store in 2011. Most malicious apps can compromise the personals and sensitive information of users. Thus, a single malicious app or game in Play Store can affect millions of users at a time.
6) Option to Install Third-Party Apps
The users have option to download and install Android apps from various app stores. In addition to downloading apps from Play Store, the users can also install third-party apps available at Amazon. Likewise, they can also download several cloned and cracked apps from websites like PJApps and Blackmart, and install them on their Android devices by changing the settings. These third-party apps make it easier for mobile malware writers to attack the Android devices and operating system.
7) Security Issues Created by Changes Made by Google
Sometimes changes and updates made by Google affect the security of its mobile operating system adversely. For instance, the company designed Android 5.0 Lollipop with several new security features including default device encryption. But it subsequently disables default device encryption in order to increase the speed of mobile devices. Despite increasing the speed of smartphones and tablets, the absence of default device encryption made the devices vulnerable to various malware attacks.
On the whole, the developers have to keep in mind a variety of security aspects to make their Android app popular and profitable. However, the developers can address the security issues in Android app development in a number of ways. Often hackers execute malware attacks by taking advantage of the vulnerability in the source code of a mobile app. The developers can easily make their Android apps secure by analyzing both application code and third-party code to reduce the impact of malware attacks.
Google recommends developers to reduce the impact of application security issues by taking advantage of Android’s built-in security features. Additionally, it requires Android app developers to focus on common security concerns like internal/external storage, content providers, permission requests, network, input validation, and user data management. Also, the developers can always address the Android security issues effectively by implementing various tips and best practices.