Over
94 percent of popular Android applications used in the Middle East and
Africa are potentially vulnerable, according to a report.
Enterprise
security player Palo Alto Networks says Android Internal Storage is a
protected area that Android- based applications use to store private
information, including user names and passwords.
According
to Palo Alto Networks research, an attacker may be able to steal
sensitive information from most of the applications on an Android device
using the Android Debug Bridge (ADB) backup/restore function.
In
addition, most of the security enhancements added by Google to prevent
this type of attack can be bypassed. In the Middle East & Africa,
Android has the largest market share of all platforms, at 40 per cent.
Anyone
using a device running version 4.0 of Android ? about 85 per cent of
Android systems in use today in the Middle East ? is potentially
vulnerable.
Of
the estimated 525.8 million mobile phone owners is the Middle East and
Africa, this equates to over 178 million phones at risk in the Middle
East and Africa, the report said.
Over
94 per cent of popular Android applications, including pre-installed
email and browser applications, use the backup system, meaning users are
vulnerable.
Many
Android applications will store user passwords in plain text in Android
Internal Storage, meaning almost all popular e-mail clients, FTP
clients and SSH client applications are vulnerable.
“We
encourage users to be aware and Google to take a closer look at this
storage weakness in Android. Given Android’s place as the region’s most
popular mobile operating system, millions of users are potentially at
risk here in the Middle East and Africa,” said Saeed Agha,
GeneralManager, Middle East, Palo Alto Networks.
Palo
Alto Networks recommends Android users disable USB debugging when not
needed, and application developers to protect Android users by setting
android:allowBackup to false in each Android application’s
AndroidManifest.xml file or restricting backups from including sensitive
information using a BackupAgent.
Posted by : Gizmeon
No comments:
Post a Comment