Cheap Android Tablets Have Cut-Rate Security
When it comes to Android tablets, you get what you pay for — even during holiday sales. Android tablets costing substantially less than $100 are far more likely than more expensive models to have gaping security holes and other serious flaws, according to researchers from San Francisco-based mobile-security company Bluebox Labs.
Don't let the sub-$50 price tag on Walmart's Worryfree Zeepad tablet or Kohl's Zeki tablet fool you: Bluebox Labs' examination showed that these are some of the riskiest devices on the market, with several known vulnerabilities and at least one security backdoor.
MORE: Best Android Security Apps 2014
In its examination, Bluebox Labs took 12 tablets that were advertised as less than $50 on Black Friday or Cyber Monday. The lab installed its own free Trustable by Bluebox app, which checks devices for known software vulnerabilities as well what Bluebox calls a "backdoor" — in this context, a hidden access point designed for factory maintenance that could be co-opted by attackers.
Trustable by Bluebox also checks to see whether USB debugging (which gives connected computers administrative privileges) is on by default and if out-of-box security settings have any loopholes or issues. Based on these criteria, Trustable by Bluebox assigns each device a "trust score" between 1 and 10.
Several sub-$50 tablets Bluebox Labs tested were semi-trustable: the Craig 7-inch at Fred's Super Dollar, the Mach Speed Xtreme Play at Kmart, the RCA Mercury 7 available at Target, the Mach Speed Jlab Pro at Staples and the Ematic, Nextbook, Pioneer 7-inch and RCA 9-inch, all available at Walmart. Each received a trust score between 7 (the Nextbook) and 5.5 (the Craig), despite having at least two documented vulnerabilities.
Three more devices scored 4.4 or below and were labeled "suspicious" due to unexplained backdoors: the Worryfree Zeepad at Walmart, the Polaroid at Walgreens and the Zeki at Kohl's. As for the DigiLand tablet available at BestBuy for $50, Trustable by Bluebox wasn't able to score it accurately because the device "had so many discrepancies and never-encountered-before security issues."
"We know that the product quality and features on inexpensive tablets are less than more expensive tablets," wrote Bluebox Labs' Andrew Blaich in a company blog post detailing the findings. "But Android is Android, and the software running on these tablets should offer the same secure Android experience as other Android devices. Alas, the device vendor makes many decisions when constructing an Android tablet, and some of those decisions can drastically affect the overall security and long-term trustability of the device."
When the price increases, so does the security: The Samsung Galaxy Tab 3 Lite ($100) and the HTC Nexus 9 ($400) each received a "trustable" rating, with the HTC Nexus 9 scoring a perfect 10.
If you do use an Android tablet that may have dubious security, Bluebox Labs recommends not using it for online banking or online shopping, and instead reserving it only for gaming and simple Web searches.
To beef up an Android device's security on your own, Bluebox Labs offers a free Android User Security Guide with detailed steps to take.
Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.
Copyright 2014 Toms Guides , a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
