Google’s famous mobile operating system platform, Android, recently released this month’s security updates of a total of 33 new vulnerabilities that are affecting Android-related devices. Out of this 33 patch updates, 9 are reported to be critical in severity. This is quite an issue that Android developers need to worry about.
According to Statcounter.com, the Android mobile operating system comprises 76.03% of the total market share worldwide. Its rival, Apple’s iOS, is second in place garnering 22.04% only.
Why Vulnerabilities Affect a Mobile Operating System?
This question sounds a little bit complex but to make it simple a vulnerable security update, which is newly created or released, can be a door for malware attacks.
A weak security patch can result in issues to the Android system like lower processing speed, more storage space is consumed than normal or average.
Vulnerabilities also affect multiple Android components like the operating system itself, libraries, media frameworks, other frameworks, as well as Qualcomm components.
9 New Vulnerabilities Explained
The 3 of the critically severed vulnerabilities thrive inside Android’s media framework. Out of this, the most severe could give access for a potential remote attacker to send an arbitrary code on its target device. This method convinces users to open a malicious file.
The other remaining vulnerabilities:
- Affecting the Android Library
- Affecting the System
- Two vulnerabilities are residing in Qualcomm components. One in DSP_Services, and the other in Kernel.
- The last 3 is residing in Qualcomm closed-source components.
When an application creates an android media player object, it is actually holding up a proxy who can be used to manipulate the concrete player resides in the media server process. Apart from releasing patches for security vulnerabilities, Android Security Patch on July 2019 also included bug fixes for various issues in some of the supported version of Pixel devices.
Besides this, a high severity flaw in the Android framework that could allow an installed malicious application to bypass the user`s interaction requirements in an attempt to gain access to its additional permissions. Most basic security methods, which are very precise important that, every device supports a very strong, hard encryptions.
Many OEMs these days ship their devices with dedicated encryption hardware. While it is beneficial, it is also very expensive. Such as dedicated hardware, has typically been restricted for mid to high tier devices. This is not to say that low-end devices cannot support encryptions, but without hardware accelerated encryptions, the overall user experience is degraded because of slow read/write times.
Most of Qualcomm`s profits come from licensing smartphone radios and chips to the other companies, and one of the biggest costumers of it was Apple. However, the two companies have battled it out in court over royalty payments since 2017. Apple initially sued Qualcomm for allegedly overcharging to use LTE modems. Whereupon Qualcomm countersued saying that it is Apple actually gained and owned it more money in royalties and that it infringed on some of its patents and shared propriety information with its rival Intel. Apple`s relationship with Qualcomm is coming to a bitter end.
Why More Users Choose Android
There are many advantages of Android open-source operating systems to develop applications. Just recently, we posted on how Android phones innovate compared to its rival mobile brands. Oppo’s mesh talk is one of them. Never the less the security on developed apps
Despite most several organizations are working in data security, there is not a global security standard for mobile devices. However many companies, universities, and manufacturers have proposed some guidelines. The majority recommendation was created to avoid or detect a mobile device’s actual threats in different OSI (open systems interconnection).
Security Has Been Improved
It was impossible to detect safety flaws in the APK code, which can trigger threats over the user`s data and over the information recorded into the server. For future works, it is necessary to analyze vulnerabilities over the communication channels, between mobile applications and database servers, in order to establish threats even when it is with encrypted techniques.
Users are strongly recommended to download the most recent Android security updates as soon as they were available to the app in order to keep their Android devices protected against any potential threat attacks, given that users trust so much in so many sensitive transactions on their devices daily.
References:
