Security and settings: Google Android tablets / smartphones

What you need to know about the security and settings of a Google Android tablet or smartphone

Google’s mobile operating system, Android, powers more tablets and smartphones than any other mobile operating system, including Apple’s iOS. There are many versions, code-named after candy and cakes, dating back to 2008. The current version at the time of writing, first released in 2015, is called Marshmallow.

The following Wikipedia page provides information on all of the versions.

Android version history – https://en.wikipedia.org/wiki/Android_version_history

Google does not force device manufacturers to provide security updates for Android devices

So many makes and models of devices run the many versions of Android that Google does not enforce the delivery of security updates by the device manufacturers. Most of the manufacturers do not provide upgrades to later versions or to the current Marshmallow version, mainly because it involves work that hits their profit margins, so they would prefer customers to buy the latest devices. That is a bit of a cheek, because even the cheapest devices are not that cheap, but they are not expensive enough to cover the trouble and cost it takes to provide upgrades.

In 2013, I bought an inexpensive Tesco Hudl tablet that runs Android 4.2.2 (Jelly Bean – 4.1 to 4.3.1 – 2012/2013) that came with a leather case for £129.00. It works very well but it still runs Jelly Bean. Tesco will not be updating it to any of the later versions and Google has stopped providing security and browser updates for Jelly Bean (4.3 and earlier versions). Consequently, I own a tablet that is full of unpatched security holes.

Fortunately, I just use it for testing websites, but many people could be using their insecure devices for accessing websites that only require username/password entry, such as PayPal and Amazon, which is definitely not advisable.

Additional security provided by banks

Banks require extra user input, usually a number generated by a personal device that can only be used once. Even so, I would not use an Android device to access them from a website or by using an app. Note well that, unless the bank is to blame, users are now being held responsible for fraud perpetrated on their accounts.

Apple allows all of its mobile devices to be updated

If a security hole is discovered in Apple’s iOS mobile operating system for phones and tablets, Apple merely has to provide all supported devices with updates automatically, in the same way as Windows Update provides updates for all of the versions of Windows that Microsoft is still supporting. Support for Windows XP ended in June 2014, so no updates are provided for it, but it is still being used on many millions of PCs.

Android versions that use a vulnerable default web browser

Around the time of version 4.1 of Android (Jelly Bean – 2012), Google started to develop Google Play Services, which is delivered through the Google Play store and updates certain features without requiring an upgrade of the Android version on devices that the manufacturers are not upgrading. However, all Android devices running version 4.4.4 (KitKat) and older – that is, most Android devices – have a default web browser that is very vulnerable because Google can’t update it. Users of those versions should download and install another browser, such as the mobile version of Firefox, which will update itself.

You can find out which version of Android your devices are using by visiting http://whatismyandroidversion.com/. The site tells you that information immediately if it detects a version of Android.
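As an added example (not code from this article or from the site mentioned above), the JavaScript below applies the 4.4.4 (KitKat) cut-off given earlier to User-Agent strings, which is what a web page or a server access log sees of a device. The function names and the sample strings are assumptions constructed for illustration.

```javascript
// Added example. The User-Agent strings in SAMPLE_UAS are constructed, not captured traffic.
const KITKAT_LAST = [4, 4, 4]; // page: 4.4.4 and older ship a default browser Google cannot update

// Returns [major, minor, patch] for "Android x[.y[.z]]", or null when no number follows "Android".
function parseAndroidVersion(ua) {
  const m = /Android[ \/](\d+)(?:\.(\d+))?(?:\.(\d+))?/i.exec(ua);
  if (!m) return null;
  return [m[1], m[2], m[3]].map((p) => (p === undefined ? 0 : parseInt(p, 10)));
}

// Compare numerically, component by component ("10" must sort after "4.4.4").
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

function classify(ua) {
  if (!/Android/i.test(ua || "")) return "not-android";
  const v = parseAndroidVersion(ua);
  if (v === null) return "android-version-unknown"; // do not guess: check the device by hand
  return compareVersions(v, KITKAT_LAST) <= 0
    ? "default-browser-not-updatable"
    : "newer-than-kitkat";
}

// Tally a batch of User-Agent strings, e.g. pulled from a web server access log.
function summarize(uas) {
  const counts = {};
  for (const ua of uas) {
    const k = classify(ua);
    counts[k] = (counts[k] || 0) + 1;
  }
  return counts;
}

const SAMPLE_UAS = [
  "Mozilla/5.0 (Linux; U; Android 4.2.2; en-gb; Tablet Build/EXAMPLE) AppleWebKit/534.30 Version/4.0 Safari/534.30",
  "Mozilla/5.0 (Linux; Android 4.4.4; Phone Build/EXAMPLE) AppleWebKit/537.36 Chrome/33.0 Mobile Safari/537.36",
  "Mozilla/5.0 (Linux; Android 6.0; Phone Build/EXAMPLE) AppleWebKit/537.36 Chrome/46.0 Mobile Safari/537.36",
  "Mozilla/5.0 (Linux; Android 10; Mobile) AppleWebKit/537.36 Chrome/90.0 Mobile Safari/537.36",
  "Mozilla/5.0 (Android; Mobile; rv:40.0) Gecko/40.0 Firefox/40.0", // no version number present
  "Mozilla/5.0 (iPad; CPU OS 9_2 like Mac OS X) AppleWebKit/601.1.46 Version/9.0 Safari/601.1",
];

console.log(summarize(SAMPLE_UAS));
```

A User-Agent can be altered by the browser or the user, so a result of "android-version-unknown" or an unexpected version is a prompt to check the device's own settings rather than a final answer.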

Android allows users to see which permissions an app requires before installation, but does not provide controls

Android now allows its users to see which permissions an app requires before installation, but provides no controls; it is just take it or leave it, whereas Apple’s iOS allows users to choose what an app is allowed to access. The image below shows what the Android version of the Avast anti-virus scanner requires access to. Identity, contacts, location, phone number? Why does an anti-virus app need that information and are you prepared to allow it that access?

Personally, I am not that willing, especially given how ineffective anti-virus apps are at protecting Android, compared to how effective they are at protecting a Windows PC. I have never fallen victim to a serious virus or phishing fraud on a Windows PC because I apply security advice religiously.

Avast Android permissions. Showing what the Android version of the Avast anti-virus scanner requires to access

Anti-virus apps are not very effective in Android

Anti-virus apps are not very effective in Android. Windows allows anti-virus software the low-level access to files and system files that makes effective scanning possible. Android can only restrict apps to running in protected sandboxes, which have restricted permissions; it cannot allow an anti-virus scanner the low-level access required to scan files for malware. In fact, if malware exploits a security vulnerability, it is running at a higher permission level than the scanner. An Android anti-virus app just reads a list of apps and checks their names against a list of known rogue apps. It can also monitor online activity and prevent the user from visiting known malware-infected websites or from downloading apps known to carry malware infections.

Most malware for Android devices is downloaded outside Google Play

Fortunately, Google Play scans all of the apps it provides, constantly looking for malware. That is why most malware is downloaded outside Google Play. For example, Chinese apps can often contain malware. In any case, it is wise only to use Android devices that receive the latest security updates directly from Google, such as Google’s own Nexus devices.

I would not use Android in particular or Apple’s iOS to access any account online that requires only a user-name/password login, or even a bank account that requires users to input a number generated by a machine provided to them by the bank.

As soon as you buy an Android device, it’s advisable to check its Settings app

As soon as you buy an Android device, it is highly advisable to access its Settings app, because otherwise you will be providing Google with all of your personal data stored on that device and every other device or PC that you access your Google account on, because they can all synchronize their information with each other. So, the information on your laptop is provided to your tablet and phone, etc. You can turn synchronization off, but you have to do it on all of your devices that access your Google account.

In my opinion, it is outrageous how much personal information Google lifts from smartphones, tablets and PCs in order to use it to entice you into clicking on ads placed across your path on the web. You can choose to have all of the settings turned on or off, but you will have to trust Google that they are off.

Personally, I don’t trust Google, period, due to the long history it has of acting very deviously or illegally in order to obtain information or promote or sell its own services and products ahead of others.

The following website provides good information on Android’s Settings app.

13 Things You Can Do With the Google Settings App on Any Android Device – http://www.howtogeek.com/226844/13-things-you-can-do-with-the-google-settings-app-on-any-android-device/