With every security update that Android gets, it becomes more and more secure. Still, some loopholes haven’t been resolved yet.
One of the most common ways of infiltrating an Android device, regardless of version, is through a rogue app. Apps like these can open up a remote connection to an attacker, who can then exploit it to access your files, sensors and even your camera.
How can your device be compromised?
Using a tool called Metasploit, anyone can generate an infected APK file within seconds. The default generated app is an empty activity that triggers the remote connection.
For more realistic attacks, the infected APK generated by Metasploit can be combined with another APK. Once the app is ready, the attacker then manipulates the victim into installing it on their phone.
Upon installation, the app asks for various permissions. Usually, these are permissions to access files, the camera, sensors and GPS, make phone calls, send texts, etc.
Once granted, the app functions normally but opens a ‘meterpreter’ session in the background. The attacker can connect to this session and get access to basically everything on the victim’s phone.
As mentioned above, they can access files, stream video from the camera without the victim’s knowledge, dump call logs and text messages, geolocate the phone, and even open a remote shell on the phone.
All of this happens in the background, and the victim usually has no idea of what’s going on. The attacker even has the ability to hide the app icon. This means you won’t even be able to see the app in your main menu.
How can you protect your device?
The first step you can take is never to install suspicious apps or apps from unknown sources. Android already has checks for this, but it never hurts to be extra cautious.
Keeping suspicious apps away from your phone goes a long way in protecting your phone against hacks. It is, unfortunately, also the only thing you can do to keep yourself safe.
Most of these apps have pretty strong, persistent backdoors. Once infected, there’s a good chance that the backdoor still exists even after the app has been removed.
The way out? Doing a complete factory reset on your phone and hoping that that is the end of your problems.
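The traits described above (installed from outside the store, broad permission grants, a hidden app icon) can be checked for in an app inventory. The following is an added example, not part of the original article: the function names are hypothetical, the sample data is constructed, and it assumes the installer listing was collected from third-party apps with `adb shell pm list packages -i -3`, with granted permissions and launchable packages gathered separately. A hit means the app deserves review, not that it is malicious.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play
# Android permission names for the capabilities the article lists.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.READ_EXTERNAL_STORAGE": "files",
    "android.permission.ACCESS_FINE_LOCATION": "GPS",
    "android.permission.CALL_PHONE": "phone calls",
    "android.permission.SEND_SMS": "texts",
    "android.permission.READ_SMS": "texts",
    "android.permission.READ_CALL_LOG": "call logs",
}

def parse_installers(listing):
    """Map package -> installer (None if unset) from `pm list packages -i` lines."""
    found = re.findall(r"^package:(\S+)\s+installer=(\S+)\s*$", listing, re.M)
    return {pkg: (None if inst == "null" else inst) for pkg, inst in found}

def triage(installers, granted, launchable, min_caps=3):
    """Flag sideloaded apps that hide their icon or hold many sensitive grants."""
    findings = []
    for pkg, installer in sorted(installers.items()):
        if installer == PLAY_STORE:
            continue  # installed through the store, which runs its own checks
        caps = sorted({SENSITIVE[p] for p in granted.get(pkg, ()) if p in SENSITIVE})
        hidden = pkg not in launchable  # no launcher activity means no menu icon
        if hidden or len(caps) >= min_caps:
            findings.append({"package": pkg, "installer": installer,
                             "hidden_icon": hidden, "capabilities": caps})
    return findings

# Constructed sample inventory (not from a real device).
SAMPLE_LISTING = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.game  installer=com.android.packageinstaller
"""
P = "android.permission."
SAMPLE_GRANTED = {
    "com.example.notes": {P + "CAMERA", P + "READ_EXTERNAL_STORAGE"},
    "com.example.flashlight": {P + n for n in (
        "CAMERA", "READ_SMS", "SEND_SMS", "ACCESS_FINE_LOCATION", "READ_CALL_LOG")},
}
SAMPLE_LAUNCHABLE = {"com.example.notes", "com.example.game"}

if __name__ == "__main__":
    for f in triage(parse_installers(SAMPLE_LISTING), SAMPLE_GRANTED, SAMPLE_LAUNCHABLE):
        print(f)
```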