Android geeks often unlock their devices’ bootloaders, root them,
enable USB debugging, and allow software installation from outside the
Google Play Store. But there are reasons why Android devices don’t come
with all these tweaks enabled.
Every geeky trick that allows you to do more with your Android device
also peels away some of its security. It’s important to know the risks
you’re exposing your devices to and understand the trade-offs.
Bootloader Unlocking
Android bootloaders come locked by default.
This isn’t just because the evil manufacturer or cellular carrier wants
to lock down their device and prevent you from doing anything with it.
Even Google’s own Nexus devices, which are marketed towards Android
developers as well as users, come with locked boot loaders by default.
A locked bootloader ensures an attacker can’t simply install a new
Android ROM and bypass your device’s security. For example, let’s say
someone steals your phone and wants to gain access to your data. If you
have a PIN enabled, they can’t get in. But, if your bootloader is
unlocked, they can install their own Android ROM and bypass any PIN or
security setting you have enabled. This is why unlocking a Nexus
device’s bootloader will wipe its data — this will prevent an attacker
from unlocking a device to steal data.
If you use encryption, an unlocked bootloader could theoretically allow an attacker compromise your encryption with the freezer attack,
booting a ROM designed to identify your encryption key in memory and
copy it. Researchers have successfully performed this attack against a
Galaxy Nexus with an unlocked bootloader.
You may want to re-lock your bootloader after you unlock it and
install the custom ROM you want to use. Of course, this is a trade-off
when it comes to convenience — you’ll have to unlock your bootloader
again if you ever want to install a new custom ROM.
Rooting
Rooting bypasses
Android’s security system.
In Android, each app is isolated, with its own Linux user ID with its
own permissions. Apps can’t access or modify protected parts of the
system, nor can they read data from other apps. A malicious app that
wanted to access your banking credentials couldn’t snoop on your
installed bank app or access its data — they’re isolated from each
other.
When you root your device, you can allow apps to run as the root
user. This gives them access to the entire system, which allows them to
do things that wouldn’t normally be possible. If you installed a
malicious app and gave it root access, it would be able to compromise
your entire system.
Apps that require root access can be especially dangerous and should
be scrutinized extra carefully. Don’t give apps you don’t trust access
to everything on your device with root access.
USB Debugging
USB debugging allows you to do things like transfer files back and forth and record videos of your device’s screen. When you enable USB debugging,
your device will accept commands from a computer you plug it into via a
USB connection. With USB debugging disabled, the computer has no way to
issue commands to your device. (However, a computer could still copy
files back and forth if you unlocked your device while it was plugged
in.)
In theory, it would be possible for a malicious USB charging port to
compromise connected Android devices if they had USB debugging enabled
and accepted the security prompt. This was particularly dangerous in
older versions of Android, where an Android device wouldn’t display a
security prompt at all and would accept commands from any USB connection
if they had USB debugging enabled.
Luckily,
Android now provides a warning, even if you have USB
debugging enabled. You have to confirm the device before it can issue US
debugging commands. If you plug your phone into a computer or a USB
charging port and see this prompt when you’re not expecting it, don’t
accept it. In fact, you should leave USB debugging disabled unless
you’re using it for something.
The idea that a USB charging port could tamper with your device is known as “juice jacking.”
Unknown Sources
The Unknown Sources option
allows you to install Android apps (APK files) from outside Google’s
Play Store. For example, you might want to install apps from the Amazon
App Store, install games via the Humble Bundle app, or download an app
in APK form from the developer’s website.
This setting is disabled by default, as it prevents less
knowledgeable users from downloading APK files from websites or emails
and installing them without due diligence.
When you enable this option to install an APK file, you should
consider disabling it afterwards for security. If you regularly install
apps from outside Google Play — for example, if you use the Amazon App
Store — you may want to leave this option enabled.
Either way, you should be extra careful of apps you install from outside Google Play.
Android will now offer to scan them for malware, but, like any antivirus, this feature isn’t perfect.
Each of these features makes it possible to take full control over
some aspect of your device, but they’re all disabled by default for
security reasons. When enabling them, be sure you know the risks.
source
Comments