28 Million Android Phones Exposed To ‘Eye-Opening’ Attack Risk

By: Davey Winder

New research has revealed the truly shocking state of Android phone security. The source of that security problem may well come as a surprise: antivirus apps designed to protect devices and users. Researchers at testing specialists Comparitech found that apps with more than 28 million installs between them were presenting attack paths and opportunities to threat actors looking to exploit vulnerabilities on the Android platform.

In total, Comparitech put 21 separate Android antivirus apps to the test over the course of many weeks. Some 47% of them failed in one way or another. Three apps contained serious security flaws, including a critical vulnerability exposing the address books of users, which laid the details of an estimated million contacts bare. Another vulnerability made one app “very easy to disable remotely” by an attacker.

And that’s before I’ve even mentioned the apps that were unable to detect a virus used during the testing process, or how nearly all of them were found to be tracking their users according to the Comparitech researchers.

“Comparitech spent weeks testing popular free Android antivirus apps,” Aaron Phillips, a Comparitech researcher, reported, “we looked for flaws in the way each vendor handles privacy, security, and advertising. The results were eye-opening.”

Comparitech’s senior security researcher, Khaled Sakr, took responsibility for the testing itself, looking at each application, its effectiveness, web management dashboard and any back-end services. The apps were also scrutinized for dangerous permissions and trackers embedded within them.

More: https://www.forbes.com/sites/daveywinder/2019/08/03/28-million-android-phones-exposed-to-eye-opening-attack-risk/amp/