As Black Friday weekend draws to a close (followed by Cyber Monday, Tech Tuesday, Wearable Wednesday, and on Thursday, bankruptcy court) a new report is circulating which reminds us that cheap Android devices are about as secure as they are expensive.
A bunch of the tablets they tested had the malicious app protection — the setting that prevents you from installing apps from unknown sources — turned off by default. That makes it far more likely that the five-year-old you foist the tablet off to will download malware, and your credit card number will be gone before you can say ‘suspicious charges from a Siberian minicab firm’.
The worrying discoveries don’t stop there, either. A number of the tablets came rooted out of the box, making them more easily compromised by a lazy hacker; a couple were signed using a test signature for AOSP, a custom version of Android, which would make rolling out a malware-infected system upgrade easy; and Staples’ $39 tablet even had some security features painstakingly removed for no good reason.
Not that I want to come across as a know-it-all, but this isn’t surprising news (heck, it hardly qualifies as news) nor is it all that worrisome.
I’ve been using cheap tablets on and off for four years, and I have never had a serious security breach. What’s more, I’ve never heard of anyone having security problems – not from their mobile devices, that is.
While those security researchers do have their facts straight they also have their priorities wrong. Yes, cheap tablets are insecure, but the real threat comes from other channels.
I worry less about my cheap Android tablet being hacked than I do about the services I use with that tablet. Those online services are a much more tempting target, and as Jennifer Lawrence and other celebrities learned the hard way back in August, even Apple’s servers are vulnerable.
Okay, Android does have security issues, including botnets (a bunch of them, in fact), but the main security issue with Android devices is the user, not the device. All of the malicious Android hacking incidents I have heard of have involved the user making one of the usual mistakes: installing an Android app from an unsafe source (or, sometimes, Google Play), visiting an unsafe website, or opening a questionable email attachment.
In short, folks, I am worried less about an unsecure device than I am about a service I use being hacked, or doing something dumb and handing my Android device over to a hacker. There’s nothing we can really do about the former, but so long as we follow the usual basic steps to keep ourselves safe online, the latter should not be a serious issue either.