Android malware software exists.
It's not fiction, and it's not something made up by the companies offering protection services. Thankfully, there isn't that much of a treat right now, but it's widely believed that Android malware is gaining traction, so just as with our PCs, we may soon have to make a habit of installing some anti-virus software, right after starting our new device for the first time, or restoring it to the factory settings, though we really hope this won't be the case.
Having an open operating system
is cool - this allows us to tweak it any way we want, customize it, install software that lets us do things that we can't do on other platforms, but all of this openness has its downsides as well. For example, there is no app review processes whatsoever before an app gets uploaded to the Google Play store. This means that a developer can concoct a malicious app, and then very easily make it available to the millions of Android users around the world. Another example is the fact that there are a lot of parties involved with the platform's development. Carriers, for instance, very often have control over what software updates are pushed to devices and when. As a result of this, many phones and tablets are left running dated software with built-in security flaws or weaknesses. Ultimately, what this all means is that with Android, we get a flexible OS with great possibilities, but also an OS that's highly-vulnerable to attacks. Google recently incorporated a new Google Bouncer technology into Google Play, designed to stop malicious apps from popping up in the store, but devs have already found ways of counteracting this. For example, an app may seem perfectly clean, but once it's installed onto a device, it may trigger the download of its dangerous part.
Now let's spend a few moments to discuss the possible ways that malicious software may exploit your infected handset. Of course, almost anything is possible, but among the most popular ones are sending messages to premium phone numbers, stealing personal data that might be on your phone, execution of different commands remotely like full data wipe, for example. Obviously, one can run into quite a bit of trouble, should their Android phone get infected.
As we said in the beginning, the number of apps carrying some malicious code is still quite low, but the forecasts are not good, as they are predicting a growing interest in development of Android malware
, probably due to the system's ever-increasing popularity (and open nature). That's why we decided to come up with a small guide for those of you worried about the security of their mobile device.
Android malware protection: a guide for the paranoid
Android malware protection: a guide for the paranoid
1. Checking permissions
Right before an app is installed on your Android device, the system shows you a screen with all the permissions that the app is requesting. These permissions represent the parts of the OS that this app will be able to mess with. Apparently, if you're installing a 3D shooter game, there's no good reason why it would be requesting access to your contacts data, right? However, it's been our observation that there are many regular, clean apps that require more permissions than needed, so this rule isn't always working.
2. Install from Google Play
It will be best if Google Play, the official Android market for apps, is your exclusive provider of applications. Not that Google reviews each and every offering there, but it's still much more secure than if you just side-load your APKs, downloaded from some of those shady file hosting sites.
3. Always update your software
Do not forget to update your device's software. Whenever a software update is available - just go ahead and apply it. Google is fixing various known security issues and bugs with pretty much every new release, so having an up-to-date OS running on your Android phone/tablet is vital for its security.
4. Consider installing an anti-malware app
We know that making the move to installing an anti-virus / anti-malware app on your phone is not the easiest one to make, and it's probably still unneeded in most cases. However, if you are a heavy user, browsing through a lot of webpages and downloading many apps, not only popular ones, this might not be such a bad idea. Plus, these mobile protection apps often come with a complete package of security services such as remote lock/wipe. Still, you should keep in mind that not all such products are created equal. One of the very best ones out there are the respective products from avast!, Dr.Web, F-Secure, IKARUS, Kaspersky, Lookout, McAfee, MYAndroid, NQ Mobile and Zoner, according to a test report by IT-security institute AV-Test.
5. Don't store account passwords
If the thought of someone stealing the password for your Facebook account gives you nightmares, then it might be best if you simply avoid saving it in the Android browser or app. Sure, it'd be annoying that you have to enter it every time, but at least you'll have a sound sleep! Now, seriously, some passwords may be way more important than others, that's why you should remember that you can always tell your device not to remember them. What's more, it might be wise if you manually cancel your sessions, so that your details don't linger in the air. For example, you've logged into one of those special account of yours, but you're done with what you wanted to do. Instead of simply closing the browser, it would be safer if you press the "Log out" button. This way, no one will be able to see your personal details.
Of course, nothing can fully guarantee that you'll never fall victim to malware software, but we believe that in case you follow these basic rules, the chances of you getting some of these nasty pieces of malicious code on your device will be minimized. Now, tell us - are you worried about the security of the data on your mobile devices?