- December 9, 2016
- Posted by: admin
- Category: Android
We all re hearing about the security vulnerabilities in android mobiles on these days. Recently these incidents are raised rapidly. Often they’re brought to light by security companies with a product to sell, or kind of exaggeration from the mainstream press. And that is the reason new Android vulnerabilities come with catchy nicknames and sometimes even logos. It’s a well written story sure to attract attention, easily turned into headlines like “Android users beware: Over 900 MILLION smartphones are vulnerable to this crippling hack.”
There exists many type of vulnerabilities and no one can guarantee that any piece of software is completely flawless. When your system is more complex as smartphone obviously this going to be increased. The smartest and the easiest way a bad guy or a hacker can do to your phone or your data is to have you install a malicious app in your mobile phone without your knowledge. This malicious app make use of vulnerabilities in the OS to take over your device, steal your data, and cost you money.
But if similar things happens in an iOS phone, Apple immediately issues an update and then it’s fixed. This is because complete control of Apple over your iPhone. That means devices are patched pretty quickly, and all is well.
Android doesn’t work this way. Google never directly update the firmware on the billions of its android users. But that doesn’t mean they have to miss out on new features, APIs and malware protection.
Google Play Services is a system-level app, which is updated in the background by Google on every Android phone going back to 2010’s Gingerbread release. Android, Play Services has an important role in Android security.
So how do google act against malware vulnerability? The “Verify Apps” feature of Play Services is Google’s firewall against app-based malware. Google introduced this service in 2012, and first enabled by default in Android 4.2 Jelly Bean.
Verify Apps works similarly to a traditional PC virus scanner: Whenever the user installs an app, Verify Apps looks for malicious code and known exploits. If they’re there, the app are blocked outright — a message is displayed saying “Installation has been blocked.” In other, less suspicious cases, a warning message may be displayed instead, with the option to install anyway. (And Verify Apps can also help remove known malware that’s already been installed.)
While the underlying exploit may still be there, this makes it impossible for the hacker to take advantage of vulnerabilities after they’ve come to light. With Play Services updating constantly in the background across basically the entire Google Android userbase, as soon as a major vulnerability is reported to Google (often before the public hears about it), it’s patched through Verify Apps.
While the method is different compared to iOS, the result is the same. The platform holder updates its security — Apple through an OS update, Google through Play Services — and users are protected.