COMPREHENSIVE APPROACHES TO ENSURING THE CONFIDENTIALITY AND RESILIENCE OF ANDROID DEVICES IN CURRENT CYBERTHREAT CONDITIONS
DOI:
https://doi.org/10.31891/2219-9365-2026-85-41
Keywords:
Android operating system, mobile device cybersecurity, malicious software, side-channel attacks, Advanced Persistent Threats (APT)
Abstract
The article examines the current state of the Android mobile operating system ecosystem, focusing on cybersecurity issues, threats, and mitigation methods. In particular, it considers the peculiarities of Android version fragmentation, which complicates the development of compatible applications and creates additional security risks, as older versions may contain unpatched vulnerabilities. Threats associated with the use of third-party applications and data collection libraries are analyzed, as well as the shortcomings of the Google Play system, which is not always able to effectively prevent the distribution of malicious software. Particular attention is paid to the risks arising from dynamic code loading, as well as attacks through mobile device sensors that allow for remote acquisition of sensitive information and unauthorized device control. The article reviews the classification of cyber threats for Android devices, including modern mass threats such as adware, ransomware, Mobile Unwanted Software, and complex targeted APT-class attacks, including Pegasus, SunBird, Gooligan, and Dark Caracal. A special category of side-channel attacks is highlighted, which are implemented through the analysis of physical device characteristics such as power consumption, electromagnetic radiation, acoustic signals, or inertial sensor data, and are capable of providing covert extraction of cryptographic keys, passwords, and personal identifiers. Internal cyberattacks aimed at exploiting vulnerabilities in the operating system, inter-process communication, and hardware are analyzed separately, including mechanisms for bypassing Android Keystore protection and the use of excessive permissions to implement malicious functionality. A significant security issue is the spread of malware through the official Google Play store. 
It has been established that malicious programs systematically enter the store due to the use of multi-level obfuscation techniques, incremental updates, recompilation, and dynamic code loading. Additionally, user security is affected by social engineering, which forces the installation of malicious applications under the guise of legitimate ones. It has been found that many malicious applications activate harmful code with a delay, making their timely detection by traditional antivirus tools impossible.
License
Copyright (c) 2026 Денис БЕРБЕЦ, Наталія ПЕТЛЯК, Сергій МОСТОВИЙ

This work is licensed under a Creative Commons Attribution 4.0 International License.

