I think a lot about mobile security. I talk about it a lot too. If mobile security wasn’t always an issue, don’t worry about it. Unfortunately that is the case and I find myself thinking about this subject all the time.
A thought popped into my head the other day that I had to test it. I delved into the Android settings in hopes of finding an answer to my question. I couldn’t find it no matter how much I dug. The only option I could remotely achieve what I wanted was to use a 3rd party app.
Also: 5 Easy Ways to Improve Your Android Phone Security Today
And you know how I feel about them (spoiler alert: don’t install unless absolutely necessary).
I went back to the drawing board and wondered why the built-in tools and options couldn’t do what I wanted.
It made a lot of sense.
I think I’d better explain myself.
One of the reasons why we install so few apps on Android phones is the idea that apps can access your home network. With the help of malware, any network-connected app can (with the right code) capture and read packets going to and from the LAN. When you log into your bank account via your desktop web browser, the app can intercept that traffic, read it, and send it to a malicious third party.
Also: How to turn your old Android smartphone into a security camera or pet camera
That’s a problem. Android lets you adjust permissions for every app, but those permissions ignore her one very important aspect of security: networking.
Yes, I tend to be overly paranoid when it comes to security. I use his 2FA for all services that offer it, I use a password manager, and at home he has 3 different wireless networks (each used for a different purpose). So the idea that any app on a mobile device can access the LAN is a bad idea for me. I not only access important accounts from my network, but also retrieve information from various clients (some of which are embargoed and contain sensitive information). We may also need to send you a contract containing confidential information. Mobile apps with hidden payloads cannot sniff network traffic.
And it gave me…
Imagine if mobile apps could be restricted to using only cellular networks. This means that the app cannot directly access the LAN. Apps are isolated to use cellular data only, and packets traveling to and from the local area network are isolated from the app.
With the ability to prevent apps from accessing your wireless network, you only need to worry about traffic to and from your cellular network. Such isolation goes a long way in preventing malicious apps from accessing various devices on the LAN, especially IoT devices, which tend to be much less secure than phones, desktops, and laptops. may be of benefit.
Also: The best mobile VPN keeps your digital data safe
I realized that there is a big caveat to this idea. Restricting mobile phone usage to cellular data only can result in overage of cellular charges. This is especially true if the app in question involves streaming video or audio. But from my point of view, this is a risk worth taking.
Moreover, it becomes an optional feature. If preventing cellular overage is more important than preventing apps from accessing devices and traffic on your wireless network, you cannot take advantage of the network isolation feature.
I’m not a developer, but this feature seems easy to use. Android already has the ability to limit mobile data usage by apps. How about adding the opposite interpretation to this? I understand that the idea behind apps that don’t use mobile data is to prevent overages. However, adding features to better protect users from malicious apps that control their networks and devices should be a top priority for Google.
Also: This compact Android is the best phone you’ve ever heard
And I don’t see why this can’t be built into the operating system. It may not be an option for everyone, but for those who are serious about security, this can be a huge boon.
Google, please consider this option on Android. I understand that it will also require work on the part of all app developers to make this work. If a developer decides this is a valuable security feature and refuses to add it to their app, they can always remove it from the Play Store.
Gone are the days when security was a top priority for Google, Android, Android app developers, and users. Until then, you should continue to worry about data and identity theft.