Today, a wide range of Android devices lets users take advantage of spare moments for work, entertainment, creation, and communication. However, an increasing number of security threats lurk in places users do not notice, potentially endangering data, privacy, and the devices themselves. This article describes six major security threats Android users commonly face and outlines practical countermeasures.
1. Malicious software
According to Securelist, in Q2 2023 Kaspersky blocked more than 5.7 million direct attacks by malware, adware, and riskware against Android devices. One common problem is potentially unwanted programs (PUPs), which are often disguised as useful tools and successfully installed on users' devices. More than 30% of detected threats were labeled as RiskTool PUPs. These programs can flood devices with ads and collect personal data.
This quarter, about 370,000 malicious app packages were discovered worldwide. Nearly 60,000 mobile banking trojans aimed at stealing financial information were identified, and over 1,300 mobile ransomware samples were found that lock devices before demanding payment. As attackers become more sophisticated, these numbers continue to rise. Kaspersky researchers also found previously unseen ransomware and banking trojans. For example, they found an app in the Google Play store disguised as a movie streaming service that pretended to perform cryptocurrency mining.
Adware still accounts for more than 20% of threats. Ad families such as MobiDash and HiddenAd continue to hide their processes to avoid detection while bombarding users with intrusive ads.
Recommendations: review permission requests carefully before downloading apps from app stores, install apps from trusted sources only, and keep all software updated.
2. Phishing
Phishing remains a major security risk for Android users. These attacks rely on social engineering and fake interfaces to trick users into submitting sensitive information. According to a Straitimes report, since March 2023 at least 113 Android users in Singapore lost about $445,000 to phishing fraud.
Common tactics include redirecting apps or links to fake bank login pages to steal credentials and one-time passwords. With stolen credentials, attackers can access real banking apps and execute unauthorized transactions. Some phishing apps also include malware that locks passwords or other data in the background.
Attackers often impersonate legitimate companies on social media or messaging apps to distribute phishing links related to purchases or services. New campaigns increasingly target streaming, gaming, crowdfunding, and other popular digital services. Spear phishing uses targeted content to make attacks harder to detect, frequently exploiting current events such as the COVID-19 pandemic. AI models can also generate convincing phishing sites and content.
Recommendations: be cautious when clicking embedded social media ads, avoid installing unknown apps, and pay attention to system prompts about permission changes.
3. Unpatched vulnerabilities
Google recently released several Android security updates, highlighting the severity of unpatched bugs. One of the most serious new vulnerabilities was CVE-2023-21273, a critical remote code execution flaw in a system component that could allow an attacker to take full control of a device. Other significant vulnerabilities include CVE-2023-21282 in the Media Framework and CVE-2023-21264 in the kernel. Exploits of these flaws can let attackers execute malicious code on phones or tablets. More than thirty additional high-severity vulnerabilities may also allow unauthorized access, data theft, or device compromise.
Many devices remain unpatched because users do not replace phones frequently or do not have extended update support. Devices no longer supported by their manufacturers may remain vulnerable to bugs discovered months or years earlier.
Recommendations: install Android system and app updates when prompted. If a device is no longer supported by its manufacturer or cannot receive updates, consider replacing it with a newer model.
4. Public Wi-Fi attacks
Free public Wi-Fi is convenient, but attackers often target open networks at cafes, airports, and hotels to steal credentials and sensitive data from unsuspecting Android users. Attackers can set up malicious hotspots to monitor and capture traffic, potentially extracting bank account details, credit card numbers, and login credentials.
The most common tactic is a man-in-the-middle attack. Attackers insert themselves between a device and a Wi-Fi router to eavesdrop on or modify transmitted data, or they trick users into connecting to spoofed websites to deliver malware. Android devices that automatically reconnect to previously used networks can join previously safe but now compromised networks without the user noticing.
Recommendations:
- Connect only to trusted Wi-Fi networks and, where available, use a provider-supplied VPN service.
- Disable auto-join for Wi-Fi networks in system settings.
- Watch for "unsecured network" warnings.
- Be aware of shoulder surfers when entering sensitive information.
Note that a private home Wi-Fi network is not necessarily fully secure; exercise caution when accessing email or entering account credentials.
5. USB charging risks
Charging an Android device via a USB port in public is common, but attackers can manipulate public USB chargers to compromise devices in attacks known as "juice jacking." Malicious software can be loaded onto charging stations or cables in places like airports, malls, or restaurants. When a device is connected, the malware can use the charging cable to access the device and spread or install itself in seconds, exfiltrating personal data while the user only sees the battery level increasing.
Recommendations: avoid public USB charging ports when possible. If necessary, bring your own USB cable and AC adapter. Keep the phone locked during charging to prevent file transfer, check for suspicious activity, and consider using a USB data blocker that allows power but blocks data pins. Carrying and using your own power bank is the safest way to avoid juice jacking.
6. Physical device theft
Mobile devices store abundant personal data, from account credentials to photos and messages, making them prime targets for thieves. According to a BBC report, London police recorded over 90,000 stolen phones in 2022. Common theft locations include restaurants, bars, airports, and bus stops.
Thieves may shoulder-surf to learn a lockscreen PIN before snatching a phone. Once they have a device, they may unlock it, bypass Android protections, extract data, or install malware to lock the device.
Recommendations: avoid obvious lockscreen credentials such as birthdays or simple patterns, lock the screen after each use, and enable Find My Device features in Android. Installing a mobile security app helps back up important data to external or cloud storage and allows remote locking, wiping, and recovery after theft.
Do not let your guard down
Although Android has strengthened its built-in defenses over the years, the threats described above show that relying solely on system security is insufficient. Users should take proactive measures. Key practices include:
- Use strong, unique passwords and enable two-factor authentication.
- Review app permissions and install apps only from trusted sources.
- Keep the Android operating system and apps patched and up to date.
- Avoid connecting to public Wi-Fi when possible.
- Avoid using public USB charging ports.
- Enable remote tracking and wipe features to protect against loss or theft.
