UnSurprising News: Cheap Tablets aren’t just poorly made, they’re also insecure

As Black Friday weekend draws to a close (followed by Cyber Monday, Tech Tuesday, Wearable Wednesday, and on Thursday, bankruptcy court) a new report is circulating which reminds us that cheap Android devices are about as secure as they are expensive.

Security researchers with Bluebox Labs raised the alarm earlier this week, according to an alarmist post over at Gizmodo:

A bunch of the tablets they tested had the malicious app protection — the setting that prevents you from installing apps from unknown sources — turned off by default. That makes it far more likely that the five-year-old you foist the tablet off to will download malware, and your credit card number will be gone before you can say 'suspicious charges from a Siberian minicab firm'.

The worrying discoveries don't stop there, either. A number of the tablets came rooted out of the box, making them more easily compromised by a lazy hacker; a couple were signed using a test signature for AOSP, a custom version of Android, which would make rolling out a malware-infected system upgrade easy; and Staples' $39 tablet even had some security features painstakingly removed for no good reason.
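The device-level findings in the quoted report (unknown sources enabled, a rooted image, test-key signing) can be checked on a tablet you own. The script below is an added example, not part of the original post or the Bluebox report; the function names are hypothetical, and the `su` paths and the settings namespace are assumptions that fit Android releases of that era.

```shell
#!/bin/sh
# Added example. Input is text collected from a tablet you own, e.g.:
#   adb shell getprop
#   adb shell settings get global install_non_market_apps   # or "secure"
#   adb shell 'ls /system/bin/su /system/xbin/su 2>/dev/null'

# prop_value NAME: read getprop output on stdin, print the value of NAME.
prop_value() {
    tr -d '\r' | awk -v key="[$1]:" \
        '$1 == key { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# audit_device PROPS UNKNOWN_SOURCES SU_PATHS: print one line per finding.
audit_device() {
    props=$1
    unknown=$(printf '%s' "$2" | tr -d '\r\n ')
    su_paths=$(printf '%s' "$3" | tr -d '\r')
    tags=$(printf '%s\n' "$props" | prop_value ro.build.tags)
    secure=$(printf '%s\n' "$props" | prop_value ro.secure)
    debuggable=$(printf '%s\n' "$props" | prop_value ro.debuggable)
    # Release firmware normally reports release-keys, not test-keys.
    case ",$tags," in
        *,test-keys,*) echo "FINDING test-keys: ro.build.tags=$tags" ;;
    esac
    # ro.secure=0 leaves adbd running as root; ro.debuggable=1 marks a debug build.
    if [ "$secure" = "0" ] || [ "$debuggable" = "1" ]; then
        echo "FINDING root-capable build: ro.secure=$secure ro.debuggable=$debuggable"
    fi
    # An su binary on the system partition means the image shipped rooted.
    if [ -n "$su_paths" ]; then
        echo "FINDING su binary present: $(printf '%s' "$su_paths" | tr '\n' ' ')"
    fi
    # "1" means installation from unknown sources is allowed device-wide.
    if [ "$unknown" = "1" ]; then
        echo "FINDING unknown sources enabled: install_non_market_apps=1"
    fi
    return 0
}

# Constructed sample, not captured from any real device.
SAMPLE_PROPS='[ro.build.tags]: [test-keys]
[ro.build.type]: [userdebug]
[ro.secure]: [0]
[ro.debuggable]: [1]'
audit_device "$SAMPLE_PROPS" "1" "/system/xbin/su"
```
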

Not that I want to come across as a know-it-all, but this isn't surprising news (heck, it hardly qualifies as news) nor is it all that worrisome.

I've been using cheap tablets on and off for four years, and I have never had a serious security breach. What's more, I've never heard of anyone having security problems - not from their mobile devices, that is.

While those security researchers do have their facts straight, they also have their priorities wrong. Yes, cheap tablets are insecure, but the real threat comes from other channels.

I worry less about my cheap Android tablet being hacked than I do about the services I use with that tablet. Those online services are a much more tempting target, and as Jennifer Lawrence and other celebrities learned the hard way back in August, even Apple's servers are vulnerable.

In order to increase my computer security, I am replacing my laptop with this beauty.
Okay, Android does have security issues, including botnets (a bunch of them, in fact), but the main security issue with Android devices is the user, not the device. All of the malicious Android hacking incidents I have heard of have involved the user making one of the usual mistakes: installing an Android app from an unsafe source (or, sometimes, Google Play), visiting an unsafe website, or opening a questionable email attachment.

In short, folks, I am worried less about an unsecure device than I am about a service I use being hacked, or doing something dumb and handing my Android device over to a hacker. There's nothing we can really do about the former, but so long as we follow the usual basic steps to keep ourselves safe online, the latter should not be a serious issue either.

image by ajmexico*n3wjack's world in pixels

Nate Hoffelder

Nate Hoffelder is the founder and editor of The Digital Reader: He's here to chew bubble gum and fix broken websites, and he is all out of bubble gum. He has been blogging about indie authors since 2010 while learning new tech skills at the drop of a hat. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

8 Comments

  1. Jessica, 30 November, 2014

    I feel that people like to adapt their fear of something when it best suits them. Pirating stuff is no problem for them, yet Facebook selling their data is. Privacy/vulnerability is definitely a user problem.

    These security companies reporting on the “issues” make it worse. Although if someone’s going to buy a more expensive tablet because of this report, then hey, it benefits the bigger manufacturers, heh.

  2. Timothy Wilhoit, 30 November, 2014

    There’s a bit of malware called the “FBI virus” that’s been infecting a number of Android devices. It’s not a virus, of course, but it’s malware (ransomware) for certain. It doesn’t allow you to gain access to the device until you pay the ransom via MoneyPak. There seems to be a rash of cases on Kindle tablets; they’re being reported on the Kindle Help forum. I don’t believe there is any way to become “infected” with this malware without installing the malevolent .apk. Customers are likely “surfing Pr0n” or the like and are tricked into loading the .apk. I can see a good reason Amazon has the “allow installation from unknown sources” defaulted to NO, if only to protect people from themselves. It’s tricky to remove but if you have the pin code lock screen enabled, entering the wrong code a few times will present the option to reset to factory conditions. It’s drastic, but it does eradicate the malware.

  3. Chris Meadows, 30 November, 2014

    The funny thing is that one of the main things they said makes the tablets “insecure”—allowing installation from unknown sources—is what you pretty much have to do if you buy apps from legitimate sources that don’t happen to be Google. Sure would be nice if I could permit installing apps from Amazon or the Humble Bundle without opening my tablet up to malware from everywhere else. Oh well, maybe in some future version of Android.

    1. Nate Hoffelder, 30 November, 2014

      Yep. Disabling that block is usually the first thing I do with a tablet.

      1. Thomas, 1 December, 2014

        I didn’t even realize that block was there. My tablet didn’t even come with Google Play, so it must have been disabled from the start. I had to put custom firmware on mine just to get the Google stuff. The default appstore was called “King Kong Market”. I’ve gotten apps from there, from Amazon, Google, and even a few oddball APKs that I never did know where they came from. I did make sure to scan anything before I sideloaded it.

        At least the cheap tablets now usually have the main appstore.

  4. baochan, 1 December, 2014

    Rooted out of the box and allowing software installation? I count those as features, not bugs. This fear definitely seems misguided.

    1. Nate Hoffelder, 1 December, 2014

      Me, too. I don’t need them on every tablet but it sure is nice for a tablet to come that way.

  5. […] shocked no one last November when they revealed that cheap Android tablets came with bonus security problems, and this security firm is back again this week with a report which shows that cheap kid's tablets […]
