I have already expressed my opinion many times about security updates, which, in my opinion, are completely useless from a practical point of view. But who am I to spread my dissident views among the public, winning them over to my side. My duty is first of all to convey objective information, and only then, if there is time left, to spice it up a little with my own opinion, giving the reader food for thought. But the main thing for me is still the principle of 'do no harm', and therefore, when it comes to safety, my opinion goes to hell.
Google released a security update in January, which, however, is not available to everyone
Google released its January security update that fixes seven vulnerabilities affecting devices on Android 8.0, 8.1 and 9.0, one of which is critical. It is dangerous primarily because it allows attackers to interfere with the permission system and perform almost any manipulation on a vulnerable smartphone. In fact, at this moment the hacker gets the rights of the device administrator and the ability to give him any commands, as if he were the owner.
How it gets hacked Android
Updates Android are useless because you can protect yourself from malware without them
The exploitation of the vulnerability in question does not happen with a wave of the hacker's hand. In order to infect a device, it is necessary to provoke the victim to install a malicious application. Only then can the attacker establish contact with the infected device and start giving it commands using a remote connection. Thus, you can collect SMS-messages, which are often used to confirm login to social media accounts and banking applications, copy and forward photos, and much more.
True, the main problem facing users is the availability of the January patch that fixes the described vulnerability. The fact is that as of January 9, 2020, this update is available only to a small number of devices, while the bulk is actually left without protection. Even many flagship smartphones have not yet received this update, not to mention budget devices, which are probably still based on the November or, even worse, October assembly, simply because their manufacturer simply does not want to adapt the update.
How to protect yourself from hacking
However, given that the exploitation of the vulnerability is impossible without a connecting link, the role of which is played by a malicious program, you can protect yourself without installing an update. In addition, in general, you will not need active actions to protect yourself. All you need is to stop downloading software from unreliable sources and completely forget about the APK. It's still a rather dangerous tendency to use independent directories, even if they seem quite safe at first glance. Yes, Google Play is also imperfect, but, as practice shows, it is advertising applications that mainly penetrate there, but spyware, if it gets there, is very promptly expelled by specially trained algorithms and people who work at Google's salary.
But what if you feel that you have fallen for the bait of intruders? Well, first you should check your smartphone for malware using antivirus software. For this purpose, Kaspersky Lab or Malwarebytes solutions are suitable for us. Just activate the scan, as a result of which it will become clear whether your device has signs of infection or not. If so, initiate the removal, since antiviruses usually have such a function. If not, follow the advice from the previous paragraph and just don't download anything.