Some of my friends will be able to confirm this, but I said from the very beginning, years ago, that Google’s Android OS, which runs on many phones today, is pure garbage. Especially when it comes to security and privacy. If you have a phone running Android I feel sorry for you.
Here’s from Forbes, “Google Confirms Android Camera Security Threat: ‘Hundreds Of Millions’ Of Users Affected” (November 19th 2019):
The security research team at Checkmarx has made something of a habit of uncovering alarming vulnerabilities, with past disclosures covering Amazon’s Alexa and Tinder. However, a discovery of vulnerabilities affecting Google and Samsung smartphones, with the potential to impact hundreds of millions of Android users, is the biggest to date. What did the researchers discover? Oh, only a way for an attacker to take control of smartphone camera apps and remotely take photos, record video, spy on your conversations by recording them as you lift the phone to your ear, identify your location, and more. All of this performed silently, in the background, with the user none the wiser.
Read the article for the full list of attacks.
Then there’s also the problem that most Android phones (and also other devices running Android) come with malware from the manufacturer preinstalled, while the user can usually not remove these applications from their device (disabled by the manufacturer). Here’s from Wired, “146 New Vulnerabilities All Come Preinstalled on Android Phones” (November 15th 2019):
When you buy an Android smartphone, it’s rarely pure Android. Manufacturers squeeze in their own apps or give it a fresh coat of interface. Carriers do it too. The resulting stew of preinstalled software and vanilla Android sometimes turns out to be rancid, putting flaws and vulnerabilities on the phone before you even take it out of the box. For proof of how bad it is, look no further than the 146 vulnerabilities—across 29 Android smartphone makers—that have just been simultaneously revealed.
Yes, that’s 146, all discovered by security firm Kryptowire and detailed one by one in a new gargantuan disclosure. Most of the implicated companies operate primarily in Asia, but the list includes global heavyweights like Samsung and Asus as well. While the bugs vary in severity and scope—and in some cases, the manufacturers dispute that they’re a threat at all—they illustrate an endemic problem for Android, one that Google has acknowledged.
The vulnerabilities Kryptowire turned up, in research funded by the Department of Homeland Security, encompass everything from unauthorized audio recording to command execution to the ability to modify system properties and wireless settings. What makes them so pernicious, though, is how they get on phones, and how hard they are to remove.
Not to mention the fact that most Android phones don’t receive security updates anymore after a year or two because it’s often considered no longer practical.
Google has a lot to learn from Microsoft in this area. It’s too bad Microsoft decided to stop with their Windows Mobile OS; it’s one of the worst decisions made by Nadella. Now even Microsoft are preloading some of their mobile Surface devices with the garbage that is Android, at a time when they could have provided a more reliable Windows based alternative.