Skip to main content

How to Protect Yourself from Android Fake ID


Another week, another security threat. The latest threat to emerge is the Android Fake ID security flaw, which allows malware to impersonate trusted applications, of course without notifying the user, in order to gain access to personal data, such as financial and payment data. This threat is, unfortunately, pervasive since it affects nearly all Android devices purchased since 2010. Businessweek explains the extent of the threat: “To give an idea of scale: From 2012 to 2013, about 1.4 billion new devices shipped with the Android operating system, according to Gartner.” And, Gartner “estimates that 1.17 billion additional Android devices will ship this year.”

Google recently issued an update which fixes this issue- but its implementation is dependent upon your carrier providing you with an updated OS to download. With new threats constantly emerging, how can you prevent a malicious attack and ensure you don’t losing control of your Android device? There are different considerations for business users, enterprise IT teams and end users. Here are some tips for keeping your data safe:

  • Business Users – The best solution is to leverage “containerization” to encrypt your corporate workspace. The container should provide automatic black and white list application enforcement. It’s important to note that this solution assumes that IT staff are consistently monitoring for what applications have been compromised.
  • Enterprise IT Teams – Make sure to vet any third-party Android applications for security flaws, meaning they have utilized the security APIs provided by Google. In addition, ensure applications are only available from the corporate application portal or trusted sources, such as Google Play, as applications that may be compromised will likely originate from third-party application storefronts other than Google Play. These tips also apply to any managed service providers your organization works with that offer application management.
  • End Users – Both end users and IT practitioners should contact their carriers to find out when an upgrade for their Android device OS is available.

By keeping these precautions in mind, you can help ensure that your data remains safe. For more information on mobile device security, check out our white paper here.