Goolge Play Store Is Getting Better

According to Google’s annual report, the chances of installing malicious apps on Android devices have been reduced by 40% as compared to the previous year. This might seem a promising number and positive progress but Android ecosystem is still one of the least secured mobile operating system nowadays. Android devices generally face three different types of attacks which are malware attacks, network threats and on-device threats.

Google scans 6 billion installed apps on more than 400 million Android devices every single day. This security measure is implemented to scan already installed apps and to verify their authorized activities. For example, some apps especially large sized games download resources from their own servers after installing the base app from Google Play Store. Google scans those apps from its end but it does not have control over the servers of those apps from where they download additional files.

icdfgkjdfn (1)

Apple has dealt with the same problem by increasing the maximum size limit of their apps to 4GB. Every 3 devices in 2,000 have been infected via potentially harmful apps downloaded from the official app store Google Play Store. Although this is still an alarming situation but way better than earlier years; on the other hand, every one device in 200 which has downloaded apps from Google Play Store and unofficial sources has been infected.

The company has been making tremendous efforts to reduce the number and impact of such security vulnerabilities and threats. Last year, Google started a reward program that was specifically designed to encourage security experts and ethical hackers to find vulnerabilities and security flaws in Android platform. Ultimately they discovered more than 100 flaws and Google rewarded them with $200,000 in total.

From the ecosystem point of view, Google is also implementing more and more security layers. The latest version of Android 6.0 comes with advanced control over the permissions granted to specific apps and the amount of data shared with them.

Why Your Online Privacy Should be Important to You?

The idea of online privacy and online anonymity is relatively newer and still a large percentage of people don’t even realize the importance of it. Before we move further, let’s see who is interested in knowing your online activities. Hackers, cyber criminals, ISPs, businesses, advertisers, government agencies, authorities and even websites want to know where you click and what you do.

Of course all of these entities have different agendas but threat users as product is an unacceptable behavior. Surprisingly, some of these are even legally allowed to see and analyze your web activities. Hackers and cyber criminals want to know your web activities so they can develop a plan to get financial benefits from you.

Government agencies and authorities are protected by twisted laws and they collect information for “security” purposes. ISPs fall in the grey area; they are not legally allowed but no one is there to keep a keen eye on them. Websites want to know your moves so they can make necessary changes and show you content in the way you prefer. They may call it “customization” but actually it is manipulation that shouldn’t be allowed.

jsldkmc (3)

Advertisers want to know your online activities so they can see in what kind of services or products you are interested in and to what kind of ads you respond positively. With all these entities around you, the idea of online privacy is just an illusion. There are some efforts you can make on your ends to protect your information; first of all, start using VPN services so no one can see what you are doing online.

VPN services also encrypt your web traffic and mock your geographical location that makes it impossible to track you down or identify you. Use social media carefully and do not put your personal information there. Try to keep track of information you post online about you and also minimize it.

Security Settings Every iOS User Must Know

Mobile devices possess a real threat to our security, privacy and online identity. Just think for a moment about all the personal and financial data we store on our phones and tablets. What if the device gets lost or stolen? This is a million dollar question that we usually avoid. Following are some tips and tricks to keep your device and data safe and secure.

Passcodes

That’s no brainer; make sure you use alphanumeric passcode or password on your device. If you have a compatible device, you can also use TouchID to lock/unlock your iOS device. TouchID is way more convenient and faster way to secure your device and unlock it when needed.

Auto Erase Data

The latest version of iOS allows users to automatically erase their data in case someone tries to get unauthorized access and make more than 10 failed attempts. This feature will erase all the data stored on the device, so make sure you don’t make failed attempts yourself.

jsldkmc (2)

Find My iPhone

Find My iPhone is a great feature that has been around us for years; you can turn on this feature from the settings menu and as the name suggests, Find My iPhone allows users to find their lost or stolen devices. Your phone will automatically send its last location before running out of battery.

Delete Messages Automatically

iOS devices allow you to automatically delete your old messages so no one else could read them. From iMessage settings menu you can choose the time period. For example, you can choose 30 days and the app will automatically delete all messages which are more than 30 days old.

Payments

Make sure your iOS device asks for your Apple password before each purchase. This way your kids or no one else can make purchases without your permissions. You can turn on this feature from the App Store settings menu.

Mobile Security Threats Enterprises Face Everyday

Mobile security has become a serious issue for last couple of years; not only for individuals but also for enterprises as organizations are much more beneficial target of hackers and cyber criminals because of many reasons. Unlike individuals, enterprises offer more to hackers; for example, financial benefits and huge amount of users’ information and data. Besides that, organizations offer more entry points so hackers can easily penetrate their systems and networks.

Contrary to popular belief, the weakest link in this security chain is us – human. Of course latest security technologies, equipments and systems can reduce the chances of being broken in but it is ultimately human error or ignorance that leads to catastrophe. Let’s talk about some common mobile security threats enterprises face every day.

jsldkmc (1)

Weak or no password

Passwords, pattern locks, PIN codes and passcodes are the first layer of security. Most of the time, it is not that hard to bypass password protection but when it comes to security, everything counts. A cyber criminal or hacker can penetrate the system or even a password protected device by spending some time and efforts on it but it is not possible for an insider threat to gain unauthorized access frequently.

Surprisingly, some enterprises do no enforce strict security policies on their employees and do not force them to use passwords on devices, systems, networks and even on data. Such soft policies are serious security threats. Make sure you use password protection on all kind of devices with corporate data on them.  Additionally, always ensure the password you are using is not predictable.

Proper education and awareness

Employees shouldn’t be blamed for security threats and responsibility that do not fall under their domain. IT should educate and raise awareness regarding security protocol of their company. Employees must be taught how to use strong passwords and how to avoid downloading unauthorized and potentially risky apps even from official sources like Google Plat Store and iTunes.

For example, if an app is asking for permissions that it shouldn’t ask, then users must know it is a red flag and they should contact IT immediately. IT cannot possibly rescue people from every pitfall but they can teach them how to differentiate between a legitimate and malware app.

Avoid unofficial sources

That’s being said, unofficial sources are the biggest reason behind getting your device infected. Google and Apple have implemented strong security protocols on their app stores and they scan apps regularly. Side loading refers to downloading and installing apps from unofficial sources. On iOS devices like iPhone and iPad, it is usually done after jailbreaking the device while Android devices offer more freedom.

Android rooting is quite similar to iOS jailbreaking but unlike Apple devices, Android devices do not need to be rooted to install unofficial apps. Side loading is a serious security concern that should be addresses properly.

Outdated apps

Developers release security patches and latest version of their apps to address issues present in previous versions. Outdated apps and firmware could be venerable to attacks so make sure your device and all the apps are up to date.

Why Enterprises Need to Think About Security Seriously?

Enterprises need to think about their security more seriously because of reasons like adaption of cloud technologies and rapidly increasing trend of BYOD. Mobile devices like phones, tablets and in limited sense laptops have revolutionize the corporate culture. By using such devices, employees can connect with the corporate network from wherever they are and whenever they want. Of course this has increased the overall productivity of the company but at the same time it has increase security risks dramatically.

The problem is very simple; more the collaboration, more the security threats. BYOD program is also a major reason behind this issue. Bring Your Own Device culture has penetrated the mainstream and organizations all over the globe encourage their employees to use their own device at their own connivance. It is quite similar to Google’s Free Food program; they offer free food at their campus and save tons of time that ultimately benefits the company itself.

However, BYOD brings security vulnerabilities. Almost every employee has more than one portable device; it could be mobile, tablet, wearable devices like smart watches and even laptop. Some enterprises are smart enough to adapt a proper check and balance system where only authorized users can use corporate network with authorized devices only. This tactic solves half of the problem. For example, this way an unauthorized user cannot access sensitive information and data stored on the network.

On the other hand, more devices mean more security threats. Not only employees but other entities like clients, guests, partners and even contractors can benefit from BYOD program. Now here comes the interesting yet alarming part; we, human are the weakest link here. Losing a device means losing valuable data. And more devices mean more chances of losing data to hackers, attackers and cyber criminals.

jlgkmdsfc (3)

Enterprises deal with such situations in different ways; some have strict policies regarding incidents like these and they have specialized IT teams that can remotely wipe clean or lock a lost or stolen device. The main purpose is to protect corporate data from reaching in wrong hands. Cloud providers usually offer advanced security encryption and measures but the weakest point in the security defines how secured the system actually is.

There are many areas where enterprises and their IT teams need to adapt changes and raise their security level. First of all, in order to make BYOD program more practical and secure, enterprises must define policies for authorized users and authorized devices. Only specific devices should be allowed to connect with corporate network and more specifically they should have different roles and level of privileges.

A full time employee with high clearance should have more access to the network than a temporary contractor who only needs access to few basic things. Other than these policies, there should be proper implementation of the security measures to point out infected devices. Even a single malware loaded device can cripple the entire corporate network and steal valuable data. A centralized system of management can prove itself effective as it would be easier for IT teams to add/remove authorized devices and users from one place.