Security apps are required for ESET smartphones!Security risks and countermeasures for iOS / Android OS

This article is re -edited the "What is the background and reasons for smartphones that require security apps?"

　In recent years, cyber attacks aiming for smartphones have increased rapidly.It is no longer necessary to install security software on a personal computer, but many smartphones will not need security apps.However, it can be said that it is a judgment that neglects security risks.In this article, iOS and Android OS, each OS will explain different security risks and countermeasures.

In an era where smartphone security measures are essential

　With the expansion of smartphones (hereinafter referred to as smartphones), cyber attacks aiming for smartphones are increasing, and tricks are becoming more sophisticated.Cyber Attackers tend to focus on cost -effectiveness against attacks, and the more users they are attacked, the more successful they are, which will lead to profits.There is such a clear reason for the increase in cyber attacks on smartphones.

　Another reason is that the number of cases that use smartphones as well as private use is increasing.This is because the confidential information of a company / organization stored in a smartphone is highly used as an attack material.In order to deal with such attacks, smartphone security measures are no longer essential.

Beware of dangerous apps that seem to be a security app

　The attacker has various tricks to aim for a smartphone.The representative of the countermeasures will be the installation of the security app.However, the attacker uses the psychology of such users and uses the tricks to provide fake security apps.For smartphones, fake security apps are available more than for personal computers, so you need to be very careful when selecting apps.

　At first glance, the fake security app has a virus detection function, and at first glance it has real functions.The use of the functions required for security measures, including the detection function, makes users believe that they are genuine.

Do you know that there is a fake in the security app?

35 types of disguise virus countermeasures for Android are discovered

　It is strictly prohibited that it is okay if you install a security app for the time being.The app selection is limited to the official app store, and the provider must be confirmed when installing.In order to select, I would like to refer to the evaluation in the media, etc. so that the trusted vendor is provided.

A different security risk for the installed OS

　In the case of a smartphone, it can be broadly divided into iOS and Android OS, but the design of the OS may be very different for each, and the security risk changes.In general, iPhone equipped with iOS is said to be more secure than smartphones equipped with Android.The following three reasons for iOS security are excellent.

　1) Downloading the app is limited to the App Store

　In principle, iOS does not allow app downloads other than the official "App Store".Therefore, Apple's strict screening can only be used for safety, and there is no need to worry about installing the so -called stray app.

　2) Data encryption is standard

　Since iOS is a specification that all data is encrypted as a standard, it is difficult to decipher the content even if the attacker can steal the stored data.

　3) OS source code is not disclosed

　iOS, unlike open source Android, has a private OS source code.Therefore, it is unlikely that the attacker will find vulnerabilities or a version that has been unauthorized in the source code.

Security risk and its countermeasures in iOS

　It is important to note that iOS is said to have lower security risks compared to Android OS, but the risk is not zero.Below, we will explain the security risks assumed in iOS and its countermeasures.

　1) Security risk assumed in iOS

　There are three main security risks assumed in iOS.

　・ In iOS, which increases the risk of malware infection when "jailbreak", unofficial ones other than apps published in the App Store can also use unofficial ones by applying the so -called "jailbreak" remodeling to the OS.It will be.In this jailbreak iOS, the risk of malware infection increases, and in the past, malware has been discovered for jailbreak iPhone.Previously, there were a certain number of users who jailbreak to enable functions that were not available in standard iOS.However, recently, the function of iOS has been enhanced, and users who jailbreak until security risks have been declining.

　・ As mentioned from the company -only app, iOS can only distribute apps via App Store in principle, but distributing apps only for specific companies and in -organizations only in the App Store.Is acknowledged.There is also an attack that exploits the system called "Apple Developer Enterprise Program".

　・ Supply chain attack by “Supply Chain Attack” is a method of invading software developers and distributed PCs, and installing malware in the development program.Once the development process is installed in the middle of the development process, even in Apple's examination, it may slip through.

　In addition, although it does not depend on the specifications of the OS, I would like to keep in mind that account infringement on phishing scam sites and the like as a smartphone security risk.

　2) Security measures in iOS

　In iOS, functions such as so -called virus detection cannot be provided due to the OS specifications.This is because the operation of the application is limited to the sandbox, and the main files of the OS cannot be accessed, except for those who have permitted them.However, it is not necessarily a stone, and damage has occurred in the past.In order to avoid risks, I would like to take the following five security measures.

　・ By constantly updating iOS and apps that update iOS and apps to the latest, you can deal with known vulnerabilities.Eliminating vulnerabilities greatly reduces the risk of malware infection.Once the latest data is provided, update as soon as possible.

　・ There is also a method of aiming for malware infection via a personal computer, rather than aiming for iOS -equipped iPhones that do not connect to PCs with insufficient security measures.First, a personal computer whose security measures are insufficient, and immediately after the iPhone is connected to the computer, it becomes infected via USB.In order to prevent such a situation, we want to avoid connecting the iPhone to a PC suspected that security measures are inadequate.

　・ As explained before jailbreak, jailbreak greatly enhances security risks.In today's iOS, it can be said that there are few benefits for general users to jailbreak.In addition, jailbreak has a greater disadvantage compared to the advantages of jailbreak, as the jailbreak iPhone is not eligible for Apple's support.

　・ Delete unnecessary apps and profiles. Suspicious apps and configuration profiles that you do not remember installed yourself may be related to malware.In addition, deleting a third -party app that has been installed in the past, such as a decrease in frequency of use, can also increase safety.

　・ Cyber risk such as malware infection that regularly backs up data becomes a reality one day.Even if you regret at that time, it is a later festival.I want to back up important data regularly to avoid such a situation.It is also a countermeasure for ransomware that demands ransom for data from a hostage.

　At the beginning of 2021, the audio SNS app, which was provided only in iOS, was downloaded from the official App Store, but the communication route has been pointed out.If you use it for business, you should look at such risks.

Security risk and its countermeasures in Android OS

　A smartphone equipped with an Android OS is generally higher in security risk compared to iOS.

　1) Security risk assumed in Android OS

　There are three main security risks assumed on Android OS.

　-Android OS can be obtained from the official store other than the official store, in addition to Google's official app store "Google Play", there are also external app stores operated by device vendors and software vendors.In some cases, developers may distribute apps directly on their website.The apps that are directly published on the website, not the app store, are commonly known as the "stray app" and are open to the public without Google's examination, so the risk of malware infection should be considered high.。

　-Customize OS by device manufacturers Android OS is open source and the source code is generally disclosed, so it is easy for attackers to analyze.In some cases, the manufacturer has added its own app or customizes the source code itself and mounted it on the device, which has room for the attacker.

　・ As with the iOS by the “Supply Chain Attack”, there is a risk of “supply chain attack” in Android OS.Apps, which have been malware by supply chain attacks, may have through Google's screening and will be released on the Google Play Store.

　Of course, the risks that do not depend on the OS such as fishing scam sites are the same in Android OS.

　2) Security measures in Android OS

　Since the Android OS is an open source, vulnerabilities tend to be discovered by third parties.Therefore, it is necessary to take security measures properly.There are five main security measures to be taken on Android OS.

　・ Update OS and apps to the latest Android OS, OS and app updates are effective measures for known vulnerabilities.In order to reduce the risk of malware infection, we want to quickly apply the updates provided by OS.

　-The risk of malware infection is not required to be infected with malware via a personal computer that does not connect to a personal computer with insufficient security measures.Do not connect a smartphone to a computer where security measures are not installed, such as not installed security software.

　・ Installing from other than the Google Play Store should be carefully downloaded and installed from an app store or website other than the “Google Play” to limited to a reliable source.When installing, I would like to make sure that the provider information is confirmed in advance before performing it.

　・ Like the iOS that deletes unnecessary apps and profiles, suspicious apps and configuration profiles that you do not remember installed yourself may be related to malware, so delete them if you find them.

　・ Back up data regularly.In addition, even if you encounter a physical damage or loss of the device, it can be minimized by preparing a separate device.

　Is Android easy to be targeted by viruses?What are the necessary security measures?

A reliable security app for Android smartphones

　Compared to the iPhone, the Android smartphone based on the open source OS is undeniable in terms of security.Therefore, when using an Android smartphone, the introduction of security software can be said to be the key to enhance safety.However, as mentioned above, security software for Android smartphones has fake.That's why I want to introduce reliable security software.

　ESET's "ESET Mobile Security" is a security software for Android smartphones, which has a reputation for its high -performance and light operation.If you are already using the "ESET Internet Security" for personal computers, you can use it immediately by installing ESET mobile security on the Android smartphone.

　ESET Mobile Security also offers a trial version that can use all functions for 30 days, including virus detection, but also a function to block access to fraudulent sites and to prevent money damage when using internet banking.Users who are considering the introduction of security software would recommend you to try it.