With Black Friday and Cyber Monday, the holiday spending season has finally begun, and many retailers are offering bargains on consumer electronics. In particular, big names retailers like Best Buy, Walmart, Target, Kmart, Kohl’s, and Staples offer advantageous deals on their Android tablets which might be however unsafe from a security standpoint.
When it comes to cheap tablets, the main complaint that you usually hear is that they are inefficient and terrible to use. But, it also turns out that cheap tablets also tend to be riddled with security problems. Bluebox Labs, a security software firm, recently ran a test on a number of cheap tablets on sale at big-box stores.
A bunch of the tablets they tested had malicious app protections - the setting that prevents you from installing apps from unknown sources - turned off by default. This makes it far more likely for malwares to be downloaded, and credit card information to be stolen. As a consequence, what seemed like a great bargain turned out to be a big security concern. Unfortunately, unsuspecting consumers who purchase and use these devices will be putting their mobile data & passwords at risk.
In addition, a number of the tablets came rooted out of the box, making them more easily compromised by lazy hackers. A couple were signed using a test signature for AOSP, a custom version of Android, which would make rolling out a malware-infected system upgrade easy; and Staples' $39 tablet even had some security features painstakingly removed for no good reason.
Then, of course, there are the programs that come pre-installed to ruin things. Bluebox did not go into details regarding this aspect but it claimed that a few tablets came installed with adware, or custom versions of Angry Birds that collect extra user data.
From a security perspective, it is fairly clear that cheap tablets are not a great investment. Cheap tablets are usually slow, buggy, and often do not have access to Google's app collections. Cheap tablets never get updates, and they are built with cheap components. However, Android is Android, and the software running on these tablets should at least offer the same standards of security that Android provides for its other devices. Unfortunately, the device’s vendor made many decisions when constructing the Android tablet, and some of those decisions can drastically affect the overall security and long-term trustability of the device.
I could have not written this article without the help of the following sources: