Security & Privacy: Malware and Beyond – The Many Shapes of Device Security
Security and Privacy are two vitally important components of any successful society. Today’s connected world, where we carry computers in our pockets and share all our details on social networks, makes them even more so.
This section of Pocketnow is devoted to why security and privacy are important, how you can protect yourself in today’s connected world, and pitfalls to be aware of and avoid — with the objective of helping you and your loved ones stay safe in an ever-changing world.
Device security comes in many shapes and forms, each with its own strategy for mitigating threat vectors. A “threat vector” is “industry speak” for a particular way in which a bad guy can do bad stuff with your stuff. Vague enough? What are a few of those vectors, and what can we do to protect against them?
The first layer of device security is physical security. It actually covers quite a few areas which are generally shared between devices regardless of manufacturer or which operating system they’re running.
Just like a good deadbolt can protect your house from someone forcing their way inside, a good pin or passcode can help secure the “front door” of your device. Typing a PIN or passcode in every time you turn on its screen can get tedious and time-consuming, so most of us either go without (which is like leaving your front door unlocked), or use a pattern, knock code, fingerprint, face or retina recognition. The latter two should be considered more like “identity” rather than “passcode” types of protection, but thanks to the way modern OSes have implemented them (requiring passcodes on restarts and every once in a while), they bear a little more weight than “identity confirmation” alone.
Next in this category, and also almost universally applied in modern devices, is on-device encryption. The filesystem of our phones and tablets are usually encrypted, meaning even if a person gets access to our hardware, unless they know our password, they cannot hook it up to a computer and browse our files. Laptops still need babysitting in this regard, but it’s not too difficult to turn encryption on – though it does take a while to apply.
Last in this category are remote tools which allow you to locate a lost or stolen device, remotely lock it, or even remotely wipe it. Again, most of our mobile tech provides these options – as long as they still have battery life, are turned on, and are connected to a network to receive their instructions.
Malware is a term which describes an entire category of “malicious software”: viruses, spyware, ransomware, etc. Some malware is sneaky and can infect our devices without much involvement from us – the end users – but some of it comes pre-installed from the manufacturer and in most cases cannot be uninstalled by anyone but the OEM – which they almost never do.
There’s not much that we, as consumers, can do to protect ourselves against this. The best protection is to only buy unlocked (non-carrier) devices, and only from OEMs that we know and trust. (Sorry to throw you under the bus there, BLU, Huawei, ZTE, et al.) If your phone has a bunch of pre-loaded bloatware installed on it, return it, get your money back, and tell the sales person that you want something that isn’t’ pre-loaded with a bunch of stuff that you don’t want. And, OEMs, we’ve been saying this for years now, you’ve had your chance to do the right thing, we’re done waiting and we, the Power Users, are taking things into our own hands.
As for legitimate infections, the fact of the matter is, statistically, up-to-date systems (regardless of OS) don’t get infected unless you’re engaging in specific types of risky activity. We talked about whether or not you need to run a mobile antivirus suite on your smartphone or tablet in an earlier Security and Privacy installment.
Google has a very good protection strategy in place called “Google Play Protect” and recently published their year in review for 2016 regarding Android security. Unlike their competition, Google goes a step further thanks to the way in which apps are run inside the Android OS: sandboxing.
Sandboxing is yet another critical layer of security for the Google Photos app. It ensures that our users’ private photo and video libraries are kept safe on their devices and provides peace of mind for people to trust our app with their lifetime of memories.
— INDRAJIT KHARE Tech Lead & Manager of Google Photos, Android
While no solution is completely foolproof, and it’s disappointing to see OEMs preload malware (either ignorantly or deliberately) on their devices, the trend is finally turning toward more secure devices which are easier to use, with most of the real security happening automatically, with little to no interaction from us, the end users.
We still need to be vigilant with our activities, babysit our OSes and apps to keep them patched and up-to-date, and still need to use more secure communications (like VPNs and encrypting communication methods), but as we do more of all those individually, the safer all of us will be.