Why you should be worried about the security of your Android phone

Security flaw in 99 per cent of devices
Android mascots are lined up in the demonstration area at the Google I/O Developers Conference in the Moscone Center in San Francisco, California, May 10, 2011. (Beck Diefenbach/Reuters)

A San Francisco tech security firm is raising concerns about the security of all Android smartphones manufactured since 2009.

A flaw was discovered by a research team at the mobile device security firm Bluebox Security, which says that 99 per cent of Android smartphones could be hacked and infected with a Trojan virus. Any model bought in the past four years is vulnerable, a total the security company estimates at 900 million devices.

“Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet,” writes Bluebox CTO Jeff Forristal on the company’s blog.

Given that many smartphones are connected to other servers, the potential ramifications are amplified for businesses that use Androids.

Forristal goes on to write that Bluebox Security notified Google of the potential problem in February of this year.

TechCrunch reports that there is already a patch to fix the issue on the Samsung Galaxy S4. Google, however, has yet to release a fix, and it is not commenting on the Bluebox report at this time.

Tech blog Gigaom writes that Google has made security updates to its Play Store, so users downloading apps from this source should be relatively secure.

Until Google develops a patch to fix the problem, Bluebox recommends that Android users take these precautions:

  • Device owners should be extra cautious in identifying the publisher of the app they want to download.
  • Enterprises with BYOD implementations should use this news to prompt all users to update their devices, and to highlight the importance of keeping their devices updated.
  • IT should see this vulnerability as another driver to move beyond just device management to focus on deep device integrity checking and securing corporate data.