Recently I published a video on Instagram showing the privacy flaw in Android OS. I got a lot of queries asking about how to secure the Android device. This article is dedicated to those who care.
So, what was in the video, and why it’s so important?
I was testing an Augmented Reality app on my laptop and to replace the laptop’s webcam I used my Android smartphone, it saved time and effort. The camera was working even if I lock the device, which is not a good idea if you consider the security and privacy of your smartphone.
How an app can use the camera in the background?
The answer is, that you allowed the app to run the camera in the background. Yes, you did.
Remember when you first launched the app and it asked for all the basic permissions like Camera, Microphone, Contacts, SMS, Location, Storage, etc. Your device’s operating system just remember that you allowed the app to access those resources and data from the device.
Types of permissions (simplified for humans):
There are several types of permissions in Secure your Android Device but you need to know only two of them, you can get to know all of them from the official source.
1. Install-time permissions
It gives the app limited access to restricted data, and they allow your app to perform restricted actions that minimally affect the system or other apps.
2. Runtime permissions
These are also called dangerous permissions, as they allow the app to interact with your sensitive data like images, contacts, SMS, call logs, location, and many more. Basically, these are the permissions that you allow before using the application.
Now let’s get back to the story. Where’s the flaw?
The older versions of Android (below Android 10) didn’t care about the background activities. One can access any of the hardware or files anytime in the background if you allowed it once. For instance, if you installed a camera filter app and allowed it to access all your photos, camera, and microphone, it can use all of them anytime, because you allowed it and the device operating system won’t interrupt. Isn’t it scary?
Have a look at the market share of Android versions as of May 2021 (via statcounter)
Only 37.78% of the Android devices are running on a secure version. You might be one of the 62.2% of users.
Google improved Android’s security level with the release of Android 10 and before that the apps can read what’s on your screen, run services in the background, what other apps you are using, and also use a camera and microphone in the background.
Now that’s enough of the problem statement. What can you do to avoid apps from misusing your data?
The solution is within the problem itself, permissions are the problem, they are the solution too.
Once you allow the app, you allow it forever, your phone won’t monitor if the app is using the permissions fairly. Which is rectified in the newer versions of Secure your Android Device OS. You don’t have much control, so you can manually take over and disable all the unnecessary app permissions.
With the new operating system, you have control, much more control than just saying yes or no.
Things to do for avoiding such situations:
1. Keep your device updated whenever you see any manufacturer update or download it immediately. Many companies roll out monthly security updates.
2. Don’t install third-party apps that are not directly downloaded from the Google Playstore. Google’s algorithm keeps checking on fraudulent apps.
3. Check the installed apps on your phone from settings. Your friend might install an app on your device without letting you see the app icon. So, check the installed apps regularly and remove the unwanted and suspicious ones.
4. Don’t give unnecessary access to any apps. For example, your music app should not ask for your camera or microphone permission. If it’s asking for contacts, you should deny, allow only when you need to use the specific feature, and disable it after use. Disable all the permissions of the inactive apps.
5. If you are using the latest version of Android, then always use the single-time permission. The new Android version lets you know which app uses data in the background and suggests you close it.
You can keep yourself safe if you follow these protocols. Always check the OS version while purchasing a smartphone.