With the discovery earlier this month about the “Stagefright” and “OCtoRuTA” Android security holes, it appears that Google has finally decided to provide monthly security and functionality updates to phones and tablets running their popular Android operating system.
Part of the problem with security updates to phone platforms is that often this process is “managed” by the device manufacturer or the cell phone carrier. Managed, delayed, interfered with, or outright prevented in some cases. So in a typical process, Google releases a patch or update, then Samsung, LG, or other manufacturers will add their bit of review or revision to it, then pass it to ATT, Verizon, Sprint and T-Mobile, who may modify it even more, and in differing ways. Sometimes a manufacturer or carrier may just quash and update altogether. This process just takes too long and is fraught with opportunites for errors and ommissions.
So what can you do?
- Use a smartphone anti-malware product. Our recommendation is the AVG smartphone security app, but there should be something from any other security software vendor. Makes sense to stick with the same vendor you use on your computer.
- Only install apps from the Google Play store. Apps sold on alternative markets or by email link are easy avenues for cyber-criminals to exploit. Reading reviews and user feedback can keep you out of trouble too.
- Look for and apply Android updates. These should start coming monthly from now on. Make sure you apply them.
- Silicon Beat – New Android bug…
- Sophos – Another Android hole: “OCtoRuTA”
- Tech Republic – Google’s Android Updates
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com