Security is still a bothering part in an Android application development. Bad mobile developers are not sparing even iOS as Trend Micro Inc, the cloud security company, has revealed in its report.
As of a report released by Trend Micro Inc, 75 percent Android devices were struck by FakeID vulnerability and flaws in Android browser. And of course, these two issues posed big security risks at Android application development too.
Any security issue in Android ecosystem, regardless of its type or sort, turns out to be further complicated because of its fragmentation. The reason of fragmentation is simple to understand – because there is huge OS version diversity, security solutions released would not timely become available to the affected devices. This issue is often seen with devices running older Android versions.
Originally, Bluebox Labs uncovered the FakeID security issue. It is involved with the checking of certificate signatures to prove the legitimacy of applications. It affected Android versions from 2.1 Éclair to 4.4 Kitkat. It allowed malicious apps to impersonate legitimate ones.
Google instantly releases security patches for any vulnerability discovered in Android; however, it’s hard to say that these implementations will timely reach to end-user devices because such deployments wholly depend on device-manufacturers.
(source: Trend Micro Inc.)
Apart from these two security vulnerabilities, others were spotted in Google Wallet SDKs and a Chinese payment system – Alipay. Apps like Evernote and Spotify were also spotted to have vulnerabilities but their vendors promptly fixed the issues.