What can happen on my special-use Android 6.0?
June 18, 2019 4:38 PM   Subscribe

I have an Android 6.0 tablet that I really want to use for reading and notetaking. I have a dedicated Google account so the tablet can use Drive/Docs, a dedicated Dropbox account, Kindle, Scribd, Pocket, the library app Libby, and, very occasionally, the browser. My Amazon account has two-factor sign in. If those are the only Android apps I use on the tablet, what should I be thinking about/worrying about? Are some of those apps more vector-of-contagioney than others (i.e. the browser)? And would an Android antivirus program help?

The device is special (it's an e-ink device made for note taking), I really want to use it, and there aren't currently comparable devices with more updated Android OSs -- so please know that "just buy a more current Android" isn't useful for me. I'm more interested in harm reduction tips and/or understanding the security issues I might face.

Thank you!
posted by hungrytiger to Computers & Internet (4 answers total) 1 user marked this as a favorite
The browser would probably be the vector I'd be most worried about, if you're limiting yourself to well-known and trusted apps. The biggest hypothetical risk would be browsing a website hosting malicious code that targets your browser and version of android that could be able to break out of the browser's sandbox to do things that it shouldn't. If the browser still receives updates, that should help mitigate any potential issues like that, but if it's a browser that came with the device and is presumably tied to the device receiving updates, I'd try to switch to Chrome or Firefox.

Anti-virus is probably a good idea, but I wouldn't rely on it to catch everything. The fact that you're using an account dedicated to the device should help limit your exposure if something does go wrong.
posted by Aleyn at 6:24 PM on June 18, 2019 [1 favorite]

I suggest to also install the ad blocker extension uBlock Origin (by Raymond Hill) to your browser.
posted by mundo at 7:42 PM on June 18, 2019

Antivirus on Android is fairly pointless because of the isolation by design of each application. AV works, to the extent it does, on Windows/OS X/Linux because it has the ability to see everything on the system and at least to some level the kernel itself. Android, by design, limits what an app can see in other apps as well as the core OS.

Your biggest risk appears to be the browser. If it's no longer updated for your tablet, you could consider using Firefox or another alternative browser.
posted by Candleman at 9:51 PM on June 18, 2019

Externally-exploitable OS vulnerabilities are rare, so running the OS in itself shouldn't be a huge risk. (There are a ton of old Android devices out there, so if we do get a wormable remote exploit everyone is going to have a bad day.) However, I would expect the enforcement of security boundaries between applications to be weaker under older OS versions, so (to reiterate a lot of what has already been said):
  • For browser, use something that gets timely updates from the app store (Firefox, Chrome, ...). If there is a separate built-in browser: avoid it; ensure it's not set as default browser; disable it from the apps list if the manufacturer lets you.
  • Install as few apps as possible, from trusted parties.
  • Don't install any app with advertising. It'll likely be using the built-in web view, and pointing it at the toxic sludge that is the ad-placement market.
Detection-based anti-virus is a complete counterproductive waste of time on Android (as opposed to on Windows where it is only mostly a counterproductive waste of time).
posted by BobInce at 4:02 AM on June 19, 2019 [2 favorites]

« Older New Windows 10 computer won't install CCleaner....   |   Do I need to paint floor first? Newer »

You are not logged in, either login or create an account to post comments