Protecting Android users in Southeast Asia
By Sharmila Ganapathy-Wallace October 16, 2017
- Higher rates of users being affected by potentially harmful applications in SEA
- There are cultural aspects related to the use of some security technologies
ACCORDING to the report Digital in 2017: Southeast Asia by Hootsuite and We Are Social, there were over 4.9 billion unique mobile users worldwide as of January 2017.
As of that month, Southeast Asia made up 11% of the total global mobile connections, which underscores the potential of mobile usage in this part of the world.
It is no surprise then that Southeast Asia is on Google Inc’s radar, as evidenced by a recent interview we had with Google’s director of Android Security Adrian Ludwig (pic).
One of the questions posed to Ludwig via the conference call interview was concerning security of entry-level smartphones in Southeast Asia.
Specifically, he was asked if phones in our region are more susceptible to hacking and malware compared to other regions in the world.
Risk differs by region
Ludwig replied that region is one of the characteristics Google sees that is strongly associated with higher risk.
“We do see higher rates of users being affected by potentially harmful applications in Southeast Asia. We do not see that being directly tied to whether those devices are low cost, nor have we seen that being tied to the version of the operating system in a way that it is really very clearly linked.”
However, he did say that is something that Google is looking into and constantly trying to address.
“One of the things we’ve been doing with our partners is that ensuring updates are available even on lower cost devices. We’re working with our partners via programmes like Treble to make it easier for these partners to update their devices. We’re also working them to identify if there are things we can help them with that are not technical, but more procedural. So these are definitely things we are thinking about,” he said.
Ludwig was also asked if Google assists with devices that have not been tested by Google or its partners.
“As far as assisting with devices that Google wasn’t involved with the testing of, if our applications are put on a device that hasn’t gone through our testing, the code will try and protect users any way it can but we really don’t know.”
He explained that this was because they don’t know what that device has on it and it hasn’t gone through the same level of scrutiny as the Google-tested devices.
“We’ll do our best, but we just don’t know whether we can be as effective on those devices or not. If you go to Google Play the user can check if the device is certified or not, which helps the users understand if they have the same level of protection,” he added.
Issues with fresh-from-the-factory devices
There are also mobile devices that have firmware issues fresh from the factory. Can Google Play Protect detect devices that are compromised? (Note: Google Play Protect is an Android security service provided free-of-charge to Google Play users worldwide.)
According to Ludwig, much of Google’s research in the past year has been focused on situations like that, where they have seen two different patterns that are particularly relevant in Southeast Asia.
“One of them is app stores that are provided on the device, or what we think of as a promotional service that pushes applications to devices. And we’ve seen a number of instances where those are pre-installed at the factory and end up pushing applications that are not wanted by users.”
They’ve also seen cases where there is a bad application on the device coming out of the factory.
“And so since we’ve been seeing that, we’ve been making improvements to Google Play Protect and for the past six months it has been able to detect such applications. And so we’ve taken the next step to disable the application and so the risk to the user is gone.”
User behaviour differs by country
When asked what he has learned about Android user behaviour surrounding security, Ludwig notes that some things are “particularly non-obvious”.
“I remember overhearing a conversation between a mother and her son where he had lost his phone and his mother scolded him for putting a lockscreen on the device. But she was nervous that someone wouldn’t know how to find him and give him his phone back. And so the difference in those two types of security was really eye-opening to me. He could have had his e-mail address on the lockscreen which is what I do to get the best of both worlds.”
One of the most eye-opening things for him, he said, is the different perspectives that people have and how security is very personal.
“Lockscreen data usage varies country by country; we have some data we’ve gotten via Google Play Protect. There are some countries in the world where over 95% of users have lockscreens and there’re some countries where it’s down at 50%. So there are clearly cultural aspects related to the use of some of these security technologies,” he said.
While clearly there is no one-size fits all protection for Android users, it pays for users in this part of the world to be more vigilant when using their mobile device, simply due to the potential harmful applications and other security threats.
Adrian Ludwig’s top five tips to stay safe on your mobile
- Use a secure lockscreen
- Make sure you’ve enabled data backups
- Download apps from a recognised apps store
- Make sure Google Play Protect and Find My Device are enabled
- Turn on 2-factor authentication for Google Services