{"id":49418,"date":"2023-10-24T09:03:47","date_gmt":"2023-10-24T13:03:47","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=49418"},"modified":"2023-10-24T09:03:47","modified_gmt":"2023-10-24T13:03:47","slug":"android-most-dangerous-features","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/android-most-dangerous-features\/49418\/","title":{"rendered":"Top-3 most dangerous Android features"},"content":{"rendered":"

Android is a well-designed operating system that gets better and more secure with each new version. However, there are several features that may put your smartphone or tablet at serious risk of infection. Today, we take a look at the three that are the most dangerous of all \u2014 and how to minimize the risks when using them.<\/p>\n

Accessibility<\/h2>\n

Accessibility is an extremely powerful set of Android features originally designed for people with severe visual impairments. To use smartphones, they need special apps that read on-screen text aloud, and respond to voice commands and convert them into taps on UI controls.<\/p>\n

For those with visual impairments, this function is not just useful \u2014 it\u2019s essential. But the very modus operandi of Accessibility is to grant an app access to everything that\u2019s going on in others. This violates the principle of strict isolation, which is a core security feature of Android.<\/p>\n

And it\u2019s not just tools for helping the visually impaired that take advantage of the Accessibility feature. For example, mobile antiviruses often use it to keep an eye out for anything suspicious taking place in other apps.<\/p>\n

But every coin has a flip side. For example, malicious apps can requests permission to access this feature set too. This isn\u2019t surprising, since such access makes it easy to spy on everything on your smartphone: read messages, steal credentials and financial data, intercept one-time transaction confirmation codes, and so on.<\/p>\n

What\u2019s more, access to this feature allows cybercriminals to perform user actions on the smartphone, such as tapping buttons and filling out forms. For instance, malware can fill out a transfer form in a banking app and confirm it with a one-time code from a text message, all on its own.<\/p>\n

Therefore, before you give an app access to Accessibility, always think carefully: do you really trust its developers?<\/p>\n

Install unknown apps<\/h2>\n

By default, only the official store app has the right to install other programs on Android. Given an unmodified version of the system, this is, of course, Google Play. But together with (or instead of) Google Play, smartphone developers often use their own \u2014 such as Huawei AppGallery or Samsung Galaxy Store. Indeed, Android is a democratic operating system with no strict limitations on app download sources. You can easily allow any app to download and install programs from anywhere<\/a>. But it\u2019s just as easy to get your smartphone infected with something nasty this way too, which is why we don\u2019t recommend using it.<\/p>\n

Official stores are usually the safest sources for downloading apps. Before being published in an official store, apps are subjected to security checks. And if it later transpires that malware has sneaked in, the dangerous app is quickly kicked out of the store.<\/p>\n

Sure, even Google Play is not totally immune to malware (alas, it gets in more often than we\u2019d like). Still, official stores at least try to keep their house in order \u2014 unlike third-party sites where malware is endemic, and the owners couldn\u2019t care less. A case in point: attackers once even managed to infect the third-party Android app store itself<\/a>.<\/p>\n

The most important thing to remember is this: if you do decide you absolutely must download and install something on your Android smartphone not from the official app store \u2014 don\u2019t forget to disable the ability to do so immediately after the installation. It\u2019s also a good idea to scan your device afterward with a mobile antivirus to make sure no malware\u2019s appeared; the free version of our Kaspersky for Android<\/a> will do the job just fine.<\/p>\n

Superuser rights (rooting)<\/h2>\n

Less popular than the two features above \u2014 but by no means less dangerous \u2014 is the ability to gain superuser rights in Android. This process is popularly known as \u201crooting\u201d (\u201croot\u201d is the name given to the superuser account in Linux).<\/p>\n

The designation is appropriate since superuser rights give superpowers<\/a> to anyone who gets them on the device. For the user, they open up the usually forbidden depths of Android. Superuser rights grant full access to the file system, network traffic, smartphone hardware, installation of any firmware, and much more.<\/p>\n

Again, there\u2019s a downside: if malware gets on a rooted smartphone, it too acquires superpowers. For this reason, rooting is a favored method of sophisticated spyware apps<\/a> used by many government intelligence agencies \u2014 as well as cutting-edge stalkerware<\/a> that\u2019s accessible to regular users.<\/p>\n

Therefore, we strongly discourage rooting your Android smartphone or tablet \u2014 unless you\u2019re an expert with a clear understanding of how the operating system works.<\/p>\n

How Android users can stay safe<\/h2>\n

Lastly, a few tips on how to stay safe:<\/p>\n