How a budget smartphone puts your security at risk

A budget smartphone can let hackers into your device without your consent every time you download an app that asks for access to files it does not actually need. Cutting down the money you spend can put your data at risk.

Even if your phone is only a year or two out of date, it’s vulnerable to some very simple hacks, says Nathan Freitas, a fellow at Harvard’s Berkman Center for Internet and Society. “It doesn’t take much for your adversary to get into your [Android] device, and that’s a big problem.”

When Google releases an update to Android, it takes a while to reach consumers, unless you have a Google-branded phone like the Pixel or Nexus. Carriers and device makers customize Android with different apps and services, and there are at least 11 different versions of Android.

How do these phone makers make money?

Smartphone makers need to make money one way or another, and if they're cutting the prices on devices, you have to wonder whether they're selling data to help increase margins.

Because of heavy competition between Android phone makers, they release phones at short intervals. Keeping track of software updates for all the devices running on different configurations and hardware becomes more difficult, and the devices that are no longer new are ignored. Each customized version has to be updated separately by the carrier or device maker before the update rolls out to consumers.

These vulnerabilities arise because the stakeholders are not on the same page as Google when it comes to the phone's software. They even overlook Google's updates and try to compensate with their own firmware updates. Users have nowhere to go but to buy a new phone with the latest Android version.

How is customization a risk?

Livemint mentions a study, published in 2014 by scientists from the University of Illinois and Indiana University, which found that software customisation made by OEMs puts Android devices at greater risk. After Google makes the Android OS available to OEMs, these OEMs make changes to add their apps, device drivers and trademark features. The study points out that Android is a multi-layered system in which the app layer and framework layer sit on top of a set of C libraries and the Linux kernel.

Device drivers work at the Linux kernel layer and are closely integrated with framework services such as Location Service and Media Service. If the customisation overlooks any of these integrations, it can leave the overall device vulnerable. In the absence of timely software updates and security patches, such phones can be exploited by hackers.

Different approach to encryption in Android OS

In the case of Android, full device encryption is built on software and not on hardware, which means the encryption keys are stored in software. It is this loophole that can be exploited to gain access to an encrypted device. While it is not foolproof, full device encryption provides some level of security, but you need a phone running Android 5.1 or higher to take advantage of it.