Cyber security experts are warning the other companies about the flaw that exists in the unprotected external storage that is prone to hijacking. Google has recently published a report that advises mobile app developers to encode data that their apps produce on the users’ devices mainly when they use unprotected external storage.
Google has further advised of using an easy-to-implement security library, available as part of its Jetpack Software suite. There are not a lot of reference frameworks available for the same. The open-sourced Jetpack Security library allows the Android app experts to read and write the encoded files. These files may contain important data, information, API keys, and OAuth tokens.
Android offers the developer two methods to save app data. The first is app-specific storage that is the “internal storage”, it refers to the computer’s internal hard drive. It is the storage of private information on the device’s memory. On the other side is the shared storage that is also known as “external storage”, which is generally used to store media and document files.
Cyber security experts recently found that the apps use external storage to keep private information and data on the user’s device and they don’t take enough measures to secure it from other apps. Now, this allows the cybercriminals to hack photos and videos leading “Media file Hacking”.
Two years earlier similar consequences were found with the “man –in-the-disk” attack. It allows a hacker to intercept and potentially alter data as the attack moves between Android external storage and an installed mobile app. It also has a similarity with “side-channel attack”. This attack aims at extracting sensitive information from a system, through measurement and analysis of physical parameters like electromagnetic emission or supplies current.
To prevent a device from such attacks, Android 10 has launched a new feature called “Scoped Storage”. It sandboxes each app’s sensitive data in both internal and external storage, thereby limiting apps from controlling data saved by other apps on the device. JetSec library takes a step further by introducing an easy-to-use solution to encode data for extra protection.
A cyber security consultancy recommends that “If your apps use external storage you should encrypt the data soon”.
Google recommended the app developers to combine encryption with biometric information for better privacy and security. Android has built-in security features that decline the frequency and impact of application security issues. This system is designed specifically to build an app with the default system and file permission. It also has a special feature to avoid a difficult situation to protect its security. The Jetpack security library, previewed last May at the annual developer conference, now immerges as part of an extension of Android Jetpack (it is a collection of Android software components that helps developers obey the best practices and high-quality apps).
The rise of cybercrimes resulted in increasing awareness among small and large enterprises. Cyber Security expertsare continuously trying their best to protect the networks from these attacks. If you want to protect your device and apps from such cyberattacks always consult with expert cyber security consultancies.
Leave a Comment:
Get Exclusive Cyber Security Tips On:
Prevention from damage dealt to an organization’s reputation.
Investments on fixing the issues caused by attack.
Preventing confidential data and Intellectual Property being stolen
Prevention of revenue loss due to service disruption and much more.