Security varies widely when it comes to Android. Different countries and regions have entirely different levels of security, which means that Android's security level varies depending on where the phone comes from.
Security company F-Secure has examined various Android phones, how they are configured in different regions, and what that means for the security of Android as a platform.
Several pieces of research published by F-Secure Labs demonstrate that region-specific default configurations and settings in some flagship Android devices are creating security problems that affect people in some countries but not others.
According to F-Secure Consulting’s UK Director of Research James Loureiro, the research highlights the security compromises vendors can inadvertently make when customizing Android builds.
“Devices which share the same brand are assumed to run the same, irrespective of where you are in the world – however, the customization done by third-party vendors such as Samsung, Huawei and Xiaomi can leave these devices with significantly poor security dependent on what region a device is set up in or the SIM card inside of it,” said Loureiro. “Specifically, we have seen devices that come with over 100 applications added by the vendor, introducing a significant attack surface that changes by region.”
China
One problem is that Google Play is banned in China. Inside “The Great Firewall of China”, vendors therefore have to offer their own stores for downloading and distributing apps. That in itself means increased exposure to different solutions and different distribution chains.
Access to Google Play is banned in China. This forces vendors to offer their own app stores in its place. Huawei devices have a dedicated app store called Huawei AppGallery. F-Secure Consulting’s research found multiple vulnerabilities within Huawei AppGallery that an attacker could exploit to create a beachhead to launch additional attacks. Following this initial compromise, an attacker could use additional vulnerabilities the researchers discovered in Huawei iReader to execute code and steal data from the device.