Sometimes, timing really is everything. Just days after Samsung’s surprise move to fundamentally change the way Android operates on its devices, a frightening report shows just why the Galaxy maker is right to be so concerned.

In a break with the past, Samsung has decided that “starting with One UI 6.1.1, additional security features including Maximum Restrictions, have been added” to its devices. This includes a move to firmly block sideloading apps from outside Google’s Play Store or its own store without a very deliberate manual override.

A week later and we have a perfect example of why this is such a good move for most users. Zimperium has issued a stark report warning about a “large-scale, Android-targeted SMS stealer campaign” that relies on side-loaded apps to deploy “cunning tactics to steal crucial [SMS 2FA] codes and bypass added protection to enable malicious infiltration to corporate networks and data.”

It’s the stats behind Zimperium’s report that really stand out: 107,000 malware-laced apps, more than 60 global brands and services targeted for 2FA codes, victims attacked in 113 countries, 13 separate command and control servers running the campaign, and 2,600 Telegram bots distributing those apps.

Just one vulnerability though—sideloading. “These numbers paint a concerning picture of a large-scale and sophisticated operation behind this malware campaign,” the researchers say, highlighting that “the campaign’s ability to evade detection by many AV solutions emphasizes the need for a multi-layered approach to mobile security.” But it’s the user’s choice to bypass Play Store defenses that makes it all possible.

No surprise then that Samsung and Google are quietly backtracking away from sideloading, as they seek to plug the security gaps in Android when compared to iOS. Auto-blocking installs is part of the equation, but other measures include:

  • Turns on App protection: Checks apps installed for malicious activity.
  • Blocks device admin apps: Prevents activation of device admin apps and work profiles to protect against potential malicious attacks.
  • Blocks auto downloading attachments: Prevents automatic downloads of message attachments to protect against malicious software, while still allowing manual downloads from trusted sources.
  • Blocks hyperlinks and previews: Protects you from accidentally clicking on hyperlinks or viewing preview images, keeping you safe from malicious websites.
  • Removes location data when sharing pictures: Prevents the recipient from being able to determine where the picture was taken when you attach a picture to a message in Samsung Messages or share a picture from Samsung Gallery.
  • Blocks shared albums: Protects you from sharing sensitive information and accepting invites from unknown senders.

Zimperium warns that this latest campaign was particularly devious—if you’re open to sideloading apps, you can be compromised. “These deceptive tactics appeared legitimate, mimicking trusted sources to lure victims into clicking on malicious links or downloading applications that they later sideloaded onto their devices, a common tactic used to bypass security controls. By appearing trustworthy, victims were convinced to download and install the malware.”

When viewed in tandem with Google’s equally surprising decision to delete countless Play Store apps on quality (read security) grounds and the forthcoming live threat detection due with Android 15, 2024 could be the most significant year yet in cleaning up Android and narrowing that gap to iPhone.

That said, the tidy up required is significant. In a separate report issued last month, Zimperium says its “research indicates that 18.3% of mobile users globally engage in sideloading. In some regions, such as the Asia Pacific, the impact is as high as 43%.”

And that’s a huge number of users “exposed to risk and abuse, something the official app stores try to mitigate with its controlled ecosystem and vetting processes. According to our telemetry, users who engage in sideloading are 80% more likely to have malware running on their devices compared to those who do not. In fact, sideloading is a great contributor to malware risk; in 38.5% of cases where malware was detected, the source can be traced back to a sideloaded application.”

You have been warned—literally…
