How Will Android Apps Work on Windows 11?

close-up View of The New Microsoft Windows 11 Logo on Computer Screen

With the news that Android applications will be available on Windows 11, users can expect to find Android apps available for download with a few terms and conditions to apply.

Let’s look at how this integration will roll out and why it may not be the solution we hoped for.

How will Android apps be available on Windows 11?

Rather than relying on a version of the Google Play Store optimized for Windows, Android applications will be available on Windows through the app store maintained by Amazon. This arrangement brings a few challenges with it, however.

For one, Amazon’s Appstore offers remarkably few apps compared to the other marketplaces. What’s worse, this lack of apps is particularly apparent regarding the productivity-based software you’d expect to find. Naturally, there aren’t any of Google’s applications, and many famous business applications like Trello, Slack, and Asana are missing. LastPass, 1Password, and Bitwarden are also absent as far as password management solutions are concerned. Many Microsoft programs don’t appear either. While Outlook, the all-in-one version of Office, and OneNote are there, others aren’t. Major banking applications aren’t there.

Exacerbating this issue is that many of the apps available aren’t correctly maintained, far outdated compared to the versions present on the Play Store.

Why is this the case?

The root of all of these issues is Google Play Services, a key component to many applications’ operations. Google Play Services enables an application to handle purchases, use location data, push notifications, and various other functions.

Naturally, this makes Google Play Services critical to the functionality of Android applications and a challenge to host on more than one app store and why many titles are missing from Amazon’s. A developer effectively has to reinvent the wheel to put the same application on Amazon’s Appstore. Otherwise, the application breaks.

So, with developers simply not focusing their efforts on optimizing their applications for all platforms, these deficits will be reflected in the applications available on Windows 11.

Will this change?

Perhaps, provided that app developers focus on making their applications available through Amazon’s Appstore. In the meantime, you can count on 4Corner IT to equip your team members with the tools they need to function efficiently.

Give us a call at (954) 474-2204 to learn more.

Are Apple’s Devices Really More Secure?

front of apple store with apple logo from outside of store

For the better part of four decades, Apple has bragged that not only are their devices more secure than PCs, hackers don’t bother building threats specifically for their operating systems because their security is so superior. For this reason, Apple has routinely refused advances from law enforcement to share workarounds so that police can get into phones. Apple’s rationale for this constant refusal is that it would undermine their ability to keep the most secure personal computing devices, secure. Federal law enforcement officials went ahead and developed their own workaround and the findings may surprise many Apple aficionados. Let’s take a look:

The Discovery

After years of trying to go through Apple to gain access, they finally worked it out in 2020. In 2021, cryptographers published Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions, which is a position paper that looked to answer three questions:

  1. What security measures are currently in place to help deter unauthorized access to user data?
  2. How do modern devices allow unauthorized access?
  3. How can mobile security be improved to prevent unauthorized access?

Researchers analyzed both the newest Android and iOS platforms and found that neither of them had security preparations that functioned any better than the other. Any person with the right equipment, and the inclination, can in fact, access the OS on either device. This may come as a shock to those people who have been lauding Apple’s devices to be impenetrable.

Before you trash your iPhone, the researchers did “find a powerful and compelling set of security and privacy controls, backed and empowered by strong encryption” in iOS, but the tools presented were not used frequently enough to ensure security is maintained.

Android’s issues were exacerbated, in comparison to Apple’s, due to the vast amount of manufacturers that make Android-run products. They found that many devices lacked communications with Google, resulting in slowly implemented updates and inconsistencies in some devices’ security and privacy controls.

These are just the hardware and software vulnerabilities. In the rest of the report, the researchers detailed the specific vulnerabilities for each platform.

Weaknesses: Apple’s Devices

One of the iPhone’s best features is that it allows users to securely store data to iCloud. According to the researchers of this report, that isn’t all the data Apple takes possession of. When initiated, iCloud takes control of a lot of other data that is sent to Apple, where it is accessible by all different types of entities, hackers and law enforcement included.

This problem is exacerbated as the defenses put forth by Apple are less effective than initially thought. Analysis of this relationship led researchers to suppose that a tool that has been around since 2018 allows attackers to bypass integrated protections to guess user passcodes.

Weaknesses: Android’s Devices

On the other hand, researchers found Android had some serious issues with its local data protection. An example of this can be found in Android’s lack of an equivalent to Apple’s Complete Protection encryption, which leaves Android more open to breach. This is why the FBI can effectively access data from either platform without help from developers.

So What’s The End Result?

Ultimately, both mobile OSs are much more open to data breaches than either manufacturer is willing to admit. It’s never a good practice to assume your data is safe; especially with the default data protection developers have in place. It just goes to show that there is no such thing as impenetrable security, and it is on the users (or the organization) to actively accept these results and do what they need to do to secure their data more effectively.

To do this, you will need to manage these devices with a mobile device management platform and have your employees sign onto a Bring Your Own Device policy. This way your organization is covered in ways that individual devices and mobile platforms simply can’t.

If you would like more information about Bring Your Own Device, mobile device management, or any other platform that helps keep your organization’s data secure, give the IT experts at 4Corner IT a call at (954) 474-2204.

The Android Botnet that Victimized Consumers and Advertisers

the android botnet that victimized consumers and advertisers

“If it sounds too good to be true, it probably is.” Unfortunately, over 65,000 users neglected to observe this time-honored adage and proceeded to download a “free” app that came with the promise of among other things, a free pair of tennis shoes. Before it was all over, the online criminals had spoofed over 5,000 Android apps that in turn, downloaded an ad fraud botnet onto on over 65,000 devices. The botnet was also responsible for more than 2 billion bid requests. Yes, that’s billion, not million.

When Did It All Start?

The attack, now codenamed TERRACOTTA, began in late 2019 when a family of apps listed on the Google Play Store, offered users an opportunity to download an app in exchange for a free pair of tennis shoes, or in some cases, items such as event tickets, coupons, or even expensive dental treatments. For those who opted for the tennis shoes as their free gift, all they had to do was fill in their name along with their address details, select the shoes they wanted and in 14 days time, the shoes would be mailed to their front door. Incredibly, there were no strings attached. 

Since initially many users gave the apps a glowing 5-star review, others were likely encouraged by such positive feedback and eager to download an app and then part with their personal information. As time passed and not a single user claimed they received free tennis shoes, the 5-star reviews understandably turned negative. 

How Did They Do It?

The ad fraud botnet used in all the apps silently loaded ads in the background, and this is what made this family of apps completely different from other apps that have used somewhat similar tactics in that they bombarded users with unwanted, but obvious ads.

The entire family of apps used in the exploit were not reported to the Google Play Store as being supported by ads. Since no users ever reported seeing any unwanted ads, the apps were able to do their work under the radar. Further analysis showed no monetization mechanism and the analysis confirmed that no ads were ever shown to users. Using these clever ploys, the apps were able to deceive users on Google Play Store until the final week in June 2020.

Exploiting Advertisers

In addition to defrauding the average user, the apps also contained malware that deceived advertisers. Beyond the 14-day window of shoe delivery that of course never occurred, the apps acted as a delivery platform for other functionality that initially remained dormant.  

Eventually it was discovered the other functionality consisted of a customized Android browser that was packaged beside a control module written in the popular React Native framework. After being loaded on the phone, the customized Android browser was used to create deceitful ad impressions. These were then purchased by advertisers who bought them in the digital advertising ecosystem. 

Expert Exploitation

Those committing the fraud made use of several techniques that allowed their malware to remain undetected for quite some time. With their clever 14-day “waiting period”, it allowed them to leave an app that had no real functionality for an extended period of time on countless phones. By waiting a lengthy period rather than immediately exhibiting bad behavior, it made it much more difficult for users to connect downloading the malware-loaded app with unwanted behavior that occurred much later. The lengthy waiting period also negatively affected cybersecurity analysis since the apps required observation for an extended period of time in order to finally detect the exploitive behavior. Those in the anti-virus community simply were not prepared for malware that remained dormant for such a long period of time. 

A Cautionary Tale

The clever exploitation described above should be a cautionary tale for companies who may not be well-versed in how to effectively train their employees to spot such deceitful malware. If you would like more information on how to protect your company’s portable devices and other hardware and software from exploitation, please contact us.