Along with the alarming growth of the user base for Android run handsets around the globe, it has also become the most vulnerable mobile OS. This is evident from the fact that many popular apps such as Dropbox, Snapchat, and Uber have been hacked in recent times, said Wegilant, an emerging mobile apps security company.
The open nature of Android OS has given rise to Android Security Bugs, Loopholes and Vulnerabilities. Although Android has security features built into the operating system that significantly reduce the frequency and impact of application security issues, it still is a prime target for hackers. It has, today, grown so significant that many applications continue to face challenges pertaining to security. Recently, Google also stopped providing security updates for devices running on Android 4.3 Jellybean and earlier.
Toshendra Sharma, Founder & CEO, Wegilant commented, “There are around One billion Android users in the world and Android has targeted to take this figure to 1.5 Billion by the end of this year. Considering the number, it is crucial for Google to push out security updates for the WebView tool within Android on Android 4.3 Jelly Bean.”
When the Android mobile OS project was launched at the end of 2007, Google’s intention was not to push for its own purposes but to allow developers to experiment with the code and create their own versions of Android. This came as a big advantage for developers as well as hackers. The latter could easily use the Android Open Source Project for understanding the structure of Android and finding loopholes in it. The core problem is that Android fails to validate public key infrastructure certificate chains for app digital signatures. Unfortunately today, when users are spending more time on smartphones for n-number of purposes, most of them are completely unaware of pertaining security issues, keeping their private and corporate data vulnerable to hackers, adds Toshendra.
Studies suggest that most of the apps requested more Android permissions than they actually use, as recently was the case with Uber app, which they term as “over-privileged”. This increases the propensity of security issues.
Apart from Wegilant, there are others who have validated this issue in the Android operating system. Tod Beardsley, a veteran Rapid7 engineering manager to Forbes with years of experience in the security industry, occasional speaker at security conferences and member of the IEEE has also pointed out similar loopholes and vulnerabilities. Apart from him, various publications including Wall Street Journal and Forbes have raised issues on how Google needs to address the issue of fixing security bugs in Android 4.3 Jelly Bean.