Research presented by security firm Kryptowire singled out a host of manufacturers. It drew attention to their specific Android phone models as having security issues, some of which are so severe as to leave unsecured back doors wide open into devices. Phone and tablet brands including ZTE, Vivo, Sony, Nokia and LG were all named, with a wide range of issues that could be a concern for customers and carriers. Read on to see if your Android phone is one of the affected devices. Some good news? None of our Best Phones of the Year were affected by this security flaw.

Android Security Flaws Explained

Of the Android phones Kryptowire tested, 11 are available through US carriers. The report found elements that rendered the handsets unsecured or vulnerable to attack, and although all the models had issues, the avenues for attack were myriad. While there were multiple flaws found in the Android software, some were more startling than others. One gave third parties visibility of the contact list on a user’s phone. An invasion of privacy, certainly, but small fry compared to the one that allowed the phone to secretly record the user and write the audio to the SD card. Similarly, another could be used to screenshot the user’s phone without their knowledge. There was also a way to read all the user’s texts, and even to send messages from the phone.

How Did This Happen?

The issue, it seems, is down to Android’s main strength as an operating system – it’s an open platform. While this means that manufacturers can tailor the OS to the handset and introduce their own third-party apps, it also leaves a somewhat large margin for error should they overlook important security issues. The findings don’t suggest that these bugs are malicious or even intentional, but simply an unwanted byproduct of the system being easy to customize. It could be that a bug was missed – a victim of the tight turnaround times expected from developers and the crush to get the latest apps on the latest handsets. Bug-testing is time-consuming and can be expensive, so it’s perhaps no surprise that issues that turn out to be major security risks can be missed. It’s important to note that the problems are isolated purely to the third-party apps, not the Android operating system. However, if you think that fixing the problem is as simple as just deleting the third-party apps, think again. Quite often, these are deliberately designed so they can’t be removed by the user.

Fixing the Android Security Problems

The good news is that some manufacturers have already taken steps to resolve these issues, with companies such as Asus, LG and ZTE issuing statements. Asus told the press, “Asus is aware of the recent ZenFone security concerns and is working to swiftly and diligently resolve them with software updates.” As the Asus Zenfone V was one of the worst affected handsets, with flaws that allowed potential recording of the screen’s contents and reading of text messages, that fix can’t come soon enough. LG stated, “LG was made aware of the vulnerabilities and has introduced security updates to address these issues. In fact, most of the reported vulnerabilities have already been patched or have been included in upcoming scheduled maintenance updates not related to security risks.” While it’s positive that manufacturers are taking the findings of the Kryptowire team seriously, it’s important to note that the fixes are being issued through updates, so the user still has to accept and download the latest patch before they are protected. If you own one of the phones affected, be sure to update it at the earliest opportunity.

Which Android Phones are Affected?

Courtesy of Kryptowire, below is a full list of the handsets that are potentially vulnerable, plus an explanation of the flaws each could suffer from. Be aware that most vulnerabilities in this list can be activated by an unscrupulous app, so stick with the Google Play store to ensure you’re getting legitimate downloads. The original table and more information can be found at https://www.kryptowire.com/portal/android-firmware-defcon-2018/