Midhun P Gopi, profile picture
Uploaded byMidhun P Gopi
PPTX, PDF5,030 views

Android security

The document discusses Android security and provides an overview of key topics. It begins with Android basics and versions. It then covers the Android security model including application sandboxing and permissions. It defines Android applications and their components. It discusses debates on whether Android is more secure than iOS and outlines multiple layers of Android security. It also addresses Android malware, anti-virus effectiveness, rooting, application vulnerabilities, and security issues.

Embed presentation

Downloaded 608 times
Android Security Presentation By, Midhun P G 8th Nov, 2013
WALK THROUGH  Android Basics     Android Security Model            Application Sandboxing Permission Model What is an Android application?     Introduction Versions Android Stack Application Components Manifest file Requesting Permissions Android more secure than IOS?? Multiple Layers of Android security Android Malwares How effective are mobile anti-viruses Android Rooting Android Market Android Application Vulnerability Scanner Toolkit Open Security issues in Android platform Top 7 Vulnerabilities Android Application Developers May Jump Into
Android Basics
There are 4 billion mobile phones among 7 billion people in the world  Android owns the crown among its competitors  The use of smartphones for financial transactions and storing private information is increasing  Losing the mobile phone is more worse than losing wallets  Securing the data residing in mobiles is of prime importance. 
Android uses a kind of UNIX sandboxing method to run its applications  Applications uses IPC mechanisms to communicate among each other  These IPC mechanisms uses concept of endpoints  All the configuration parameters and the security parameters of an application are defined in a file called AndroidManifest.xml 
ANDROID VERSIONS
ANDROID SOFTWARE STACK
Android Security Model
 Unix Sandboxing  Each application have its own user name and memory space  One app cannot access resources of other app  Android permission enforcement
Android permissions protect -- Access to sensitive APIs -- Access to content providers -- Inter- and intra-application communication
What is an Android Application…?
WHAT IS AN ANDROID APPLICATION…?  Android applications are composed of one or more application components Activities  Services  Broadcast Receivers  Content Providers  Each component performs a different role in the overall application behavior, and each one can be activated individually (even by other applications)  The manifest file must declare all components in the application and should also declare all application requirements. 
ACTIVITIES
SERVICES
BROADCAST RECEIVERS
CONTENT PROVIDERS
INTENTS & INTENT FILTERS
MANIFEST FILE
COMPONENT PERMISSION  Components can be made accessible to other applications (exported) or be made private Default is private   Converted to public when component is registered to receive an implicit intents    Components can be protected by permission
REQUESTING PERMISSIONS
Android more secure than IOS??
Eric Schmidt made a comment that Android is more secure than IOS.
The comment only prompted laughter from the crowd
 Google backed up their chairman, stating that only 0.001% of installed apps are malicious.  They provided data for it.
Multiple Layers of Android security
Android Malwares
Android Is Secure...Users Aren‘t  Google can't count malware it doesn't see  Android has defenses...to protect itself, not your data  Many of Android's defenses are bypassed with a few taps, or by users  unauthorized sources  Rooting  What else.. ? 
How effective are mobile anti-viruses…?
 No, Mobile Anti-Malware Utilities for Android are Not Perfect, or Even the Same Protection You Get on the Desktop  You can't just install a mobile security suite on your Android phone and assume you'll be safe regardless of what you do.  The real weapon you have against Android malware is common sense.
How Do You Protect Yourself…?
LEARN TO TELL IF AN ANDROID APP IS MALWARE BEFORE YOU INSTALL IT  Take a look at app store reviews  Pay attention to the permissions an app requests  Check the developer's other apps  Don't install applications from unusual or suspicious sources  Keep a close watch on SMS and data activity
ANDROID ROOTING
 Android rooting is the process of allowing users of smartphones, tablets, and other devices running the Android mobile operating system to attain privileged control (known as "root access") within Android's subsystem.
GENERAL ROOTING TERMS Root  ROM  Kernel  Flash  Brick  Bootloader  Recovery  ADB 
"Rooting" vs. "jailbreaking"
 In the tightly-controlled iOS world, technical restrictions prevent installing or booting into a modified or entirely new operating system (a "locked bootloader" prevents this)  sideloading unsigned applications onto the device  user-installed apps from having root privileges (and are run in a secure sandboxed environment)   Bypassing all these restrictions together constitute the expansive term "jailbreaking" of Apple devices
Android Market
OPEN SECURITY ISSUES IN ANDROID PLATFORM
OPEN SECURITY ISSUES    Malicious Applications  Rooting Exploits  SMS Fraud  Rapid Malware Production Dynamic Analysis  Sandbox  Real-time Monitoring  Mobile Specific Features Static Analysis  Permissions  Data Flow  Control Flow  Browser Attacks  Phishing  Click Through  Mobile Botnets  Epidemic Spread  Attacking Network Services  Tracking Uninfected Devices  User Education  Ignoring Permissions  Phishing  Improperly Rooting Devices  Alternative Markets
OTHER OPEN PROBLEMS  Hard to separate malicious code from benign  Poor Application Verification  Obfuscation  Dynamic code loading  Limited availability of tools  Repackaging  Resources for Understanding Android Security
TOP 7 VULNERABILITIES ANDROID APPLICATION DEVELOPERS JUMP INTO Unauthorized Intent Receipt  Intent Spoofing  Insecure Storage  Insecure Network Communication  SQL Injection  Over Privileged Applications  Persistent Messages: Sticky Broadcasts 
SOME SOLUTIONS… Bouncer  Taintdroid  Droidbox  Mercury Framework  Androguard  Apktool  Dex2Jar  Dexdump  … and much more … 
ANDROID APPLICATION VULNERABILITY SCANNER TOOLKIT
 Vulnerabilities in Android applications Intent Spoofing (Confused-deputy Vulnerability)  Insecure Storage (Cross-application Data Stealing Vulnerability)  Over Privileged Applications  Debuggable Applications  No tool available for finding and fixing vulnerabilities in Android applications  Sensitive user data is getting leaked due to insecure applications 
 http://securityresearch.in/index.php/mobile/androidapplication-vulnerability-scanner-toolkit
SOME TIPS TO KEEP YOUR DATA SECURE  Always use encryption (whatsapp)  Never download apps from unsolicited emails and texts (malware)  Always check apps permissions (confused-deputy attacks, malware)  Monitor your data and messages
Android security
Android security

More Related Content

PPTX
Android security
byMobile Rtpl
 
PPTX
Android Security
byArqum Ahmad
 
PPTX
Mobile Application Security
byIshan Girdhar
 
PDF
Android Security
byLars Jacobs
 
PPTX
Android application development ppt
byGautam Kumar
 
PDF
Android Security & Penetration Testing
bySubho Halder
 
PPTX
Mobile security
byHimmatsingh Rajpurohit
 
PPTX
Pentesting iOS Applications
byjasonhaddix
 
Android security
byMobile Rtpl
 
Android Security
byArqum Ahmad
 
Mobile Application Security
byIshan Girdhar
 
Android Security
byLars Jacobs
 
Android application development ppt
byGautam Kumar
 
Android Security & Penetration Testing
bySubho Halder
 
Mobile security
byHimmatsingh Rajpurohit
 
Pentesting iOS Applications
byjasonhaddix
 

What's hot

PPTX
Android Application Penetration Testing - Mohammed Adam
byMohammed Adam
 
PPTX
Understanding android security model
byPragati Rai
 
ZIP
Android Application Development
byBenny Skogberg
 
PPTX
Mobile security
bypriyanka pandey
 
PPTX
Mobile security
bydilipdubey5
 
PDF
OWASP Top 10 for Mobile
byAppvigil - Mobile App Security Scanner
 
PDF
Ios vs android
byDawood University of Engineering and Technology
 
PPTX
Android pentesting
byMykhailo Antonishyn
 
PDF
Android Location and Maps
byJussi Pohjolainen
 
PPTX
Introduction to android
byzeelpatel0504
 
PPTX
Mobile Device Security
byNemwos
 
PPTX
Pentesting Android Apps
byAbdelhamid Limami
 
PDF
Ensuring Mobile Device Security
byQuick Heal Technologies Ltd.
 
PPTX
Mobile security
byNaveen Kumar
 
PPTX
Presentation on Android application
byAtibur Rahman
 
PPTX
Android Hacking + Pentesting
bySina Manavi
 
PDF
Mobile Security 101
byLookout
 
PDF
Mobile App Development
byChris Morrell
 
PDF
Android Hacking
byantitree
 
PPTX
What is Flutter
byMalan Amarasinghe
 
Android Application Penetration Testing - Mohammed Adam
byMohammed Adam
 
Understanding android security model
byPragati Rai
 
Android Application Development
byBenny Skogberg
 
Mobile security
bypriyanka pandey
 
Mobile security
bydilipdubey5
 
OWASP Top 10 for Mobile
byAppvigil - Mobile App Security Scanner
 
Ios vs android
byDawood University of Engineering and Technology
 
Android pentesting
byMykhailo Antonishyn
 
Android Location and Maps
byJussi Pohjolainen
 
Introduction to android
byzeelpatel0504
 
Mobile Device Security
byNemwos
 
Pentesting Android Apps
byAbdelhamid Limami
 
Ensuring Mobile Device Security
byQuick Heal Technologies Ltd.
 
Mobile security
byNaveen Kumar
 
Presentation on Android application
byAtibur Rahman
 
Android Hacking + Pentesting
bySina Manavi
 
Mobile Security 101
byLookout
 
Mobile App Development
byChris Morrell
 
Android Hacking
byantitree
 
What is Flutter
byMalan Amarasinghe
 

Viewers also liked

PDF
Deep Dive Into Android Security
byMarakana Inc.
 
PPT
Analysis and research of system security based on android
byRavishankar Kumar
 
PPTX
Permission in Android Security: Threats and solution
byTandhy Simanjuntak
 
PPTX
Android sandbox
byAnusha Chavan
 
PDF
Brief Tour about Android Security
byNational Cheng Kung University
 
PPT
Android Security
bySuminda Gunawardhana
 
PDF
Android Security - Common Security Pitfalls in Android Applications
byBlrDroid
 
PPTX
Presentation on Android operating system
bySalma Begum
 
PPT
Android ppt
byblogger at indiandswad
 
PDF
Android Security Overview and Safe Practices for Web-Based Android Applications
byh4oxer
 
PPTX
Android security model
byrrand1
 
ODP
Android security in depth
bySander Alberink
 
PDF
Android system security
byChong-Kuan Chen
 
PPTX
[Wroclaw #1] Android Security Workshop
byOWASP
 
PPTX
Security threats in Android OS + App Permissions
byHariharan Ganesan
 
PPT
Understanding Android Security
byAsanka Dilruk
 
PDF
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
byCheng-Yi Yu
 
PDF
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
byConsulthinkspa
 
PDF
2015.04.24 Updated > Android Security Development - Part 1: App Development
byCheng-Yi Yu
 
PDF
Testing Android Security Codemotion Amsterdam edition
byJose Manuel Ortega Candel
 
Deep Dive Into Android Security
byMarakana Inc.
 
Analysis and research of system security based on android
byRavishankar Kumar
 
Permission in Android Security: Threats and solution
byTandhy Simanjuntak
 
Android sandbox
byAnusha Chavan
 
Brief Tour about Android Security
byNational Cheng Kung University
 
Android Security
bySuminda Gunawardhana
 
Android Security - Common Security Pitfalls in Android Applications
byBlrDroid
 
Presentation on Android operating system
bySalma Begum
 
Android ppt
byblogger at indiandswad
 
Android Security Overview and Safe Practices for Web-Based Android Applications
byh4oxer
 
Android security model
byrrand1
 
Android security in depth
bySander Alberink
 
Android system security
byChong-Kuan Chen
 
[Wroclaw #1] Android Security Workshop
byOWASP
 
Security threats in Android OS + App Permissions
byHariharan Ganesan
 
Understanding Android Security
byAsanka Dilruk
 
Android Security Development - Part 2: Malicious Android App Dynamic Analyzi...
byCheng-Yi Yu
 
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
byConsulthinkspa
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
byCheng-Yi Yu
 
Testing Android Security Codemotion Amsterdam edition
byJose Manuel Ortega Candel
 

Similar to Android security

PDF
Securing Android
byMarakana Inc.
 
PDF
Android security
byMohamed Alharbi
 
PDF
android Security
bydarkC0de
 
PPTX
Android security
byBehzadBeigzadeh
 
PDF
Mediating Applications on the Android System
byNizar Maan
 
PDF
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
byFelipe Prado
 
PPTX
Security testing of mobile applications
byGTestClub
 
PDF
Hacking Android [MUC:SEC 20.05.2015]
byAngelo Rüggeberg
 
PDF
Introduction to Android Application Security Testing - 2nd Sep 2017
bySatheesh Kumar V
 
PPT
Outsmarting SmartPhones
bysaurabhharit
 
PDF
ToorCon 14 : Malandroid : The Crux of Android Infections
byAditya K Sood
 
PPTX
Untitled 1
bySergey Kochergan
 
PPTX
IPhone Application Development India |#IPhoneApplicationDevelopmentIndia
byMobile App Developers India
 
PPTX
Andriod
bySanmit Pawar
 
PPTX
Security models of modern mobile systems
byDivya Raval
 
PPTX
Advanced Malware Analysis Training Session 8 - Introduction to Android
bysecurityxploded
 
PDF
Android Security: A Survey of Security Issues and Defenses
byIRJET Journal
 
PPTX
Android overview
byAhmed M. Abed
 
PPTX
Secure Android Apps- nVisium Security
byJack Mannino
 
PPTX
Mobile security
byStefaan
 
Securing Android
byMarakana Inc.
 
Android security
byMohamed Alharbi
 
android Security
bydarkC0de
 
Android security
byBehzadBeigzadeh
 
Mediating Applications on the Android System
byNizar Maan
 
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
byFelipe Prado
 
Security testing of mobile applications
byGTestClub
 
Hacking Android [MUC:SEC 20.05.2015]
byAngelo Rüggeberg
 
Introduction to Android Application Security Testing - 2nd Sep 2017
bySatheesh Kumar V
 
Outsmarting SmartPhones
bysaurabhharit
 
ToorCon 14 : Malandroid : The Crux of Android Infections
byAditya K Sood
 
Untitled 1
bySergey Kochergan
 
IPhone Application Development India |#IPhoneApplicationDevelopmentIndia
byMobile App Developers India
 
Andriod
bySanmit Pawar
 
Security models of modern mobile systems
byDivya Raval
 
Advanced Malware Analysis Training Session 8 - Introduction to Android
bysecurityxploded
 
Android Security: A Survey of Security Issues and Defenses
byIRJET Journal
 
Android overview
byAhmed M. Abed
 
Secure Android Apps- nVisium Security
byJack Mannino
 
Mobile security
byStefaan
 

Recently uploaded

PPTX
Planning Assessment for Outcome-based Education
byAdri Jovin
 
PPTX
Searching in PubMed andCochrane_Practical Presentation.pptx
bySystematic Reviews Network (SRN)
 
PPTX
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
PPTX
10-12-2025 Francois Staring How can Researchers and Initial Teacher Educators...
byEduSkills OECD
 
PPTX
PARENTAL ROUTES OF DRUGS ADMINISTRATION .pptx
byAneetaSharma15
 
PPTX
Pain. definition, causes, factor influencing pain & pain assessment.pptx
byPompi Begum
 
PPTX
Semester 6 Unit 2 Club foot (talipes).pptx
bysachin7989
 
PPTX
3 G8_Q3_L3_ (Cartoon as Representation in Opinion Editorial Article).pptx
byNorafeSahagun
 
PDF
Unit-III pdf (Basic listening Skill, Effective Writing Communication & Writin...
bySayyadTarannum
 
PDF
IMANI Africa files RTI request seeking full disclosure on 2026 SIM registrati...
bynservice241
 
PPTX
AN EXTREMELY BORING GENERAL QUIZ FOR UG.pptx
bySriramG47
 
PDF
Most Imp Chapters & Weightage for Boards 2025.pdf
byTamannaSagar
 
PPTX
How to Configure Push & Pull Rule in Odoo 18 Inventory
byCeline George
 
PPTX
Nursing Unit Management, patient care unit, physical layout of nursing unit,t...
byyellow4878
 
PPTX
The Cell & Cell Cycle-detailed structure and function of organelles.pptx
byAshish Umale
 
PPTX
How to use search_read method in Odoo 18
byCeline George
 
PDF
Blood Group Incompatibility: Rh Factor and Erythroblastosis Fetalis
bySudhandraKarthi
 
PPTX
Access partner report in Odoo 18.2 _ Odoo 19
byCeline George
 
PPTX
Pig- piggy bank in Big Data Analytics.ppt.pptx
byVarshini M
 
PDF
Projecte de la porta de la classe de primer A: Mar i cel.
byeduardrubio1
 
Planning Assessment for Outcome-based Education
byAdri Jovin
 
Searching in PubMed andCochrane_Practical Presentation.pptx
bySystematic Reviews Network (SRN)
 
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
10-12-2025 Francois Staring How can Researchers and Initial Teacher Educators...
byEduSkills OECD
 
PARENTAL ROUTES OF DRUGS ADMINISTRATION .pptx
byAneetaSharma15
 
Pain. definition, causes, factor influencing pain & pain assessment.pptx
byPompi Begum
 
Semester 6 Unit 2 Club foot (talipes).pptx
bysachin7989
 
3 G8_Q3_L3_ (Cartoon as Representation in Opinion Editorial Article).pptx
byNorafeSahagun
 
Unit-III pdf (Basic listening Skill, Effective Writing Communication & Writin...
bySayyadTarannum
 
IMANI Africa files RTI request seeking full disclosure on 2026 SIM registrati...
bynservice241
 
AN EXTREMELY BORING GENERAL QUIZ FOR UG.pptx
bySriramG47
 
Most Imp Chapters & Weightage for Boards 2025.pdf
byTamannaSagar
 
How to Configure Push & Pull Rule in Odoo 18 Inventory
byCeline George
 
Nursing Unit Management, patient care unit, physical layout of nursing unit,t...
byyellow4878
 
The Cell & Cell Cycle-detailed structure and function of organelles.pptx
byAshish Umale
 
How to use search_read method in Odoo 18
byCeline George
 
Blood Group Incompatibility: Rh Factor and Erythroblastosis Fetalis
bySudhandraKarthi
 
Access partner report in Odoo 18.2 _ Odoo 19
byCeline George
 
Pig- piggy bank in Big Data Analytics.ppt.pptx
byVarshini M
 
Projecte de la porta de la classe de primer A: Mar i cel.
byeduardrubio1
 

Android security

  • 1.
  • 2.
    WALK THROUGH  Android Basics     AndroidSecurity Model            Application Sandboxing Permission Model What is an Android application?     Introduction Versions Android Stack Application Components Manifest file Requesting Permissions Android more secure than IOS?? Multiple Layers of Android security Android Malwares How effective are mobile anti-viruses Android Rooting Android Market Android Application Vulnerability Scanner Toolkit Open Security issues in Android platform Top 7 Vulnerabilities Android Application Developers May Jump Into
  • 3.
  • 4.
    There are 4billion mobile phones among 7 billion people in the world  Android owns the crown among its competitors  The use of smartphones for financial transactions and storing private information is increasing  Losing the mobile phone is more worse than losing wallets  Securing the data residing in mobiles is of prime importance. 
  • 5.
    Android uses akind of UNIX sandboxing method to run its applications  Applications uses IPC mechanisms to communicate among each other  These IPC mechanisms uses concept of endpoints  All the configuration parameters and the security parameters of an application are defined in a file called AndroidManifest.xml 
  • 6.
  • 7.
  • 8.
  • 9.
     Unix Sandboxing  Each applicationhave its own user name and memory space  One app cannot access resources of other app  Android permission enforcement
  • 12.
    Android permissions protect --Access to sensitive APIs -- Access to content providers -- Inter- and intra-application communication
  • 13.
    What is anAndroid Application…?
  • 14.
    WHAT IS ANANDROID APPLICATION…?  Android applications are composed of one or more application components Activities  Services  Broadcast Receivers  Content Providers  Each component performs a different role in the overall application behavior, and each one can be activated individually (even by other applications)  The manifest file must declare all components in the application and should also declare all application requirements. 
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
    COMPONENT PERMISSION  Components canbe made accessible to other applications (exported) or be made private Default is private   Converted to public when component is registered to receive an implicit intents    Components can be protected by permission
  • 23.
  • 24.
  • 26.
    Eric Schmidt madea comment that Android is more secure than IOS.
  • 27.
    The comment onlyprompted laughter from the crowd
  • 28.
     Google backed uptheir chairman, stating that only 0.001% of installed apps are malicious.  They provided data for it.
  • 29.
    Multiple Layers ofAndroid security
  • 32.
  • 34.
    Android Is Secure...UsersAren‘t  Google can't count malware it doesn't see  Android has defenses...to protect itself, not your data  Many of Android's defenses are bypassed with a few taps, or by users  unauthorized sources  Rooting  What else.. ? 
  • 35.
    How effective aremobile anti-viruses…?
  • 36.
     No, Mobile Anti-MalwareUtilities for Android are Not Perfect, or Even the Same Protection You Get on the Desktop  You can't just install a mobile security suite on your Android phone and assume you'll be safe regardless of what you do.  The real weapon you have against Android malware is common sense.
  • 37.
    How Do YouProtect Yourself…?
  • 38.
    LEARN TO TELLIF AN ANDROID APP IS MALWARE BEFORE YOU INSTALL IT  Take a look at app store reviews  Pay attention to the permissions an app requests  Check the developer's other apps  Don't install applications from unusual or suspicious sources  Keep a close watch on SMS and data activity
  • 39.
  • 40.
     Android rooting isthe process of allowing users of smartphones, tablets, and other devices running the Android mobile operating system to attain privileged control (known as "root access") within Android's subsystem.
  • 41.
    GENERAL ROOTING TERMS Root ROM  Kernel  Flash  Brick  Bootloader  Recovery  ADB 
  • 42.
  • 43.
     In the tightly-controllediOS world, technical restrictions prevent installing or booting into a modified or entirely new operating system (a "locked bootloader" prevents this)  sideloading unsigned applications onto the device  user-installed apps from having root privileges (and are run in a secure sandboxed environment)   Bypassing all these restrictions together constitute the expansive term "jailbreaking" of Apple devices
  • 44.
  • 45.
    OPEN SECURITY ISSUESIN ANDROID PLATFORM
  • 46.
    OPEN SECURITY ISSUES    MaliciousApplications  Rooting Exploits  SMS Fraud  Rapid Malware Production Dynamic Analysis  Sandbox  Real-time Monitoring  Mobile Specific Features Static Analysis  Permissions  Data Flow  Control Flow  Browser Attacks  Phishing  Click Through  Mobile Botnets  Epidemic Spread  Attacking Network Services  Tracking Uninfected Devices  User Education  Ignoring Permissions  Phishing  Improperly Rooting Devices  Alternative Markets
  • 47.
    OTHER OPEN PROBLEMS  Hardto separate malicious code from benign  Poor Application Verification  Obfuscation  Dynamic code loading  Limited availability of tools  Repackaging  Resources for Understanding Android Security
  • 48.
    TOP 7 VULNERABILITIESANDROID APPLICATION DEVELOPERS JUMP INTO Unauthorized Intent Receipt  Intent Spoofing  Insecure Storage  Insecure Network Communication  SQL Injection  Over Privileged Applications  Persistent Messages: Sticky Broadcasts 
  • 49.
    SOME SOLUTIONS… Bouncer  Taintdroid Droidbox  Mercury Framework  Androguard  Apktool  Dex2Jar  Dexdump  … and much more … 
  • 50.
  • 51.
     Vulnerabilities in Androidapplications Intent Spoofing (Confused-deputy Vulnerability)  Insecure Storage (Cross-application Data Stealing Vulnerability)  Over Privileged Applications  Debuggable Applications  No tool available for finding and fixing vulnerabilities in Android applications  Sensitive user data is getting leaked due to insecure applications 
  • 59.
  • 60.
    SOME TIPS TOKEEP YOUR DATA SECURE  Always use encryption (whatsapp)  Never download apps from unsolicited emails and texts (malware)  Always check apps permissions (confused-deputy attacks, malware)  Monitor your data and messages