1 Million Android Devices Breached – How Does This Happen?


It’s recently been announced that over 1 million phones have been infected by malware. Obviously, we’ve got some impressive piece of anti-virus to recommend… Right?

If you’re a regular iPhone and iTunes Store user, you have nothing to worry about. If you’re on Android, you’ll also be just fine as long as you stick with the Google Play Store or Amazon App Store. These app markets publish certified applications from registered developers, and when any malicious software is discovered, the smartphone will receive “kill bits” that block those apps from ever running again.

When you’re using these smartphones and app stores as designed, you can’t download apps from untrusted providers on the internet. Infections will rely on hard-to-find vulnerabilities and devices that aren’t kept up-to-date. Modern apps rarely have enough access to the device to actually do damage, and they are often completely unaware of other apps on the device and have no way to interoperate with them. This also means that most anti-virus software offerings for smartphones are ineffectual. You may be able to detect an infected Windows executable that’s been uploaded to the SD card, but that’s about it.

So, what happened in this breach? The vast majority of infected devices are in Asian countries, where far more people enable “Third Party Applications”, a feature that allows you to install apps from anywhere. Afterwards, they’ll visit shady app markets that often contain illegally cracked apps or software that is too good to be true. When they install those apps, they’ll grant nearly full permission for the app to access the device. Finally, once installed, there’s nothing preventing the app from contacting a command-and-control server, downloading additional malware, and stealing much of the user’s protected information.

Unless the device is jailbroken, a victim won’t lose complete control of their phone, but it can be a way in for hackers to find bank account information, Google Authentication, and other private data.
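To see whether a device already carries apps that arrived outside the trusted stores, you can audit the installer recorded for each third-party package. The script below is an added example, not part of the original article: the function names and the sample package list are constructed for illustration, and the trusted list assumes the Google Play Store (`com.android.vending`) and Amazon Appstore (`com.amazon.venezia`) installer package names.

```shell
#!/bin/sh
# Added example: flag installed apps whose recorded installer is not a
# trusted store (Google Play Store, Amazon Appstore).
TRUSTED_INSTALLERS="com.android.vending com.amazon.venezia"

# Reads `pm list packages -i -3` output on stdin and prints
# "<package> <installer>" for every app not installed by a trusted store.
flag_sideloaded() {
    tr -d '\r' | awk -v trusted="$TRUSTED_INSTALLERS" '
        BEGIN {
            n = split(trusted, t, " ")
            for (i = 1; i <= n; i++) ok[t[i]] = 1
        }
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            inst = ""
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            # A missing or empty installer field is treated as untrusted.
            if (inst == "") inst = "unknown"
            if (!(inst in ok)) print pkg, inst
        }'
}

# Constructed sample output (illustrative package names, not from a real device).
SAMPLE='package:com.example.bank  installer=com.android.vending
package:com.example.reader  installer=com.amazon.venezia
package:com.example.freegame  installer=null
package:com.example.cracked  installer=com.android.packageinstaller'

# Runs the audit over the constructed sample.
sample_report() {
    printf '%s\n' "$SAMPLE" | flag_sideloaded
}

# Live use against a USB-connected device with debugging enabled:
#   adb shell pm list packages -i -3 | flag_sideloaded
sample_report
```

Anything the script prints was installed by hand or by another market and deserves a closer look before the device is trusted with sensitive data.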

Our recommendations:

  • Keep Your Device Up To Date – Most of these infections happened on Android 4 – “Kit Kat”
  • Use Common Sense – Don’t download apps from people or stores you don’t trust completely.
    • Apple, Google, Microsoft, and Amazon have stringent vetting processes and the ability to instantly ban malicious actors, while most other vendors do not.

While we don’t recommend anti-virus products for typical phone users, we do recommend Intune and other MDMs for devices that need to access corporate data. This helps ensure that only trusted, locked-down, and up-to-date devices can be used to access your protected information, and can wipe and reset the phone remotely if necessary. Contact RWA to learn more.