Flap off, data thieves! Practice safe Androiding

Android's increasing popularity comes with a price -- malware. Jack Wallen offers up his best practices to help you keep your Android free from malicious software.


Safe Androiding

In 2013, more than 42,000 apps in the Google Play Store contained some form of malware -- from spyware to information-stealing Trojans. Some of these apps were known to snag a device ID, while others were busy bypassing security features (using a Trojan called Air Push) to subscribe a device to premium content. The apps ranged from games to personalization to entertainment. The problem most Android users faced was how to use their devices safely.

Before you panic and jump off the Android bandwagon, know that the statistics for the malicious software were collected by a company called RiskIQ. In order to qualify as a risk, a piece of software could:

  • Collect and send GPS coordinates
  • Send contact lists and e-mail addresses to third parties
  • Record phone conversations and send them to attackers
  • Take control of the infected phone
  • Download other malware onto the phone

There are some legitimate pieces of software that require the first two in the list, so you have to understand that a portion of that staggering 42K number is collateral damage to RiskIQ's study.

With that in mind, what is the best way for Android users to practice safe “Androiding” and avoid releasing sensitive data into the void, damaging costly hardware, and wasting precious time with a downed device? Here are a few tips.

Use caution when installing apps

When I’m looking for an app, the first thing I do is examine the producing company. If there are two apps that I'm considering and one is produced by a known entity, I’ll choose that option first -- but I still use caution. 

Let’s take a look at the recent Flappy Bird fiasco. The game became an enormous hit, and then it was taken down by its creator. Shortly after the takedown, a number of imposter apps appeared, claiming to be the original. However, if you install one of those imposters, well... you’ll be flapping your bird to some form of support to help disinfect your device. So, how do you avoid this type of disaster?

Again, use caution. Say you search for Flappy Bird, and you find a number of apps in the Google Play Store claiming the same name. Avoid all of them. In nearly every case, you'll find these apps taking advantage of something -- either public ignorance or high demand. This is especially true when an app soars to such high popularity as Flappy Bird.

The next step, when installing an app, is to pay careful attention to the app permissions during the installation process. I’ve watched so many users simply tap Accept (after tapping Install) without reading the warning. That information is there for a reason.

If you’re interested in downloading a simple game, like Flapy Bird (notice the missing “p”... that’s good intel), and it insists on having your phone status and identity, do not install that app. Figure A illustrates the App permissions window. In this instance, Beats Music is being installed.

Figure A


Beats Music being installed on an AT&T-branded Motorola Moto X.
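The permission check described above can also be done before an .apk ever reaches the device. This added example (not part of the original article) parses the output of the Android SDK's `aapt dump permissions` command and flags sensitive permissions that do not fit the app's category; the sample output, the package name and the per-category baselines are constructed assumptions.

```python
import re

# Sensitive permissions tied to the risky behaviours the article lists.
SENSITIVE = {
    "android.permission.READ_PHONE_STATE": "phone status and identity",
    "android.permission.ACCESS_FINE_LOCATION": "precise GPS location",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.RECORD_AUDIO": "microphone recording",
    "android.permission.SEND_SMS": "sending SMS (premium content)",
}

# Assumed baselines: sensitive permissions that are plausible per category.
EXPECTED = {
    "game": set(),
    "music": {"android.permission.READ_PHONE_STATE"},  # pause on calls
    "navigation": {"android.permission.ACCESS_FINE_LOCATION"},
}

# aapt prints either  uses-permission: name='X'  or  uses-permission: X
PERM_RE = re.compile(r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def requested_permissions(aapt_output):
    """Return the permissions an APK requests, in order, without repeats."""
    perms = []
    for line in aapt_output.splitlines():
        m = PERM_RE.match(line)
        if m and m.group(1) not in perms:
            perms.append(m.group(1))
    return perms

def unexpected_sensitive(aapt_output, category):
    """Sensitive permissions that the category baseline does not explain.
    An unknown category has no baseline, so every sensitive one is flagged."""
    allowed = EXPECTED.get(category, set())
    return [(p, SENSITIVE[p]) for p in requested_permissions(aapt_output)
            if p in SENSITIVE and p not in allowed]

# Constructed sample of `aapt dump permissions` output for an imposter game.
SAMPLE_GAME = """package: com.example.flapybird
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: android.permission.SEND_SMS
uses-permission: name='android.permission.VIBRATE'
"""

if __name__ == "__main__":
    for perm, reason in unexpected_sensitive(SAMPLE_GAME, "game"):
        print(f"do not install: {perm} ({reason})")
```

The same permission can be reasonable for one category and a red flag for another, which is why the baseline is per category rather than a single blocklist.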

Read the reviews

One of the first things I do when I locate an app that I want to install is read the reviews. Jump straight to the 1-Star reviews and see if there's any mention of malware or suspect behavior. If an app is heralded as a “must-have” and you find no mention of problems, the app may be safe to use -- but never assume.

If you find nothing in the reviews, check out the developer. If the app was not created by a reputable company, don’t assume that lone developer is out to steal your soul. If you find yourself wanting to install such an app, do a bit of research on the app and/or the developer. This could be as simple as running a Google search on the developer's name or the app name. If any hits appear that indicate the app should be avoided, trust your instincts and avoid the app.

Google Play vs. third-party apps

At one time, I would have insisted that users never install an app outside of the Google Play Store. This is clearly no longer as safe a bet as it once was. Even so, with Android’s ability to install apps from outside of the Google Play Store, you must exercise a great deal of caution when doing so. Do not just search for an app on Google and then install it when you find an .apk file. Unless you know with 100% certainty that the app is safe, avoid side-loading (installing .apk files from outside of the Google Play Store).

Install a well-known anti-malware solution

At one point, years ago, I was inclined to say that Android had no need for anti-malware or anti-virus software. That is no longer the case. You should have at least an anti-malware solution on your device. I highly recommend Malwarebytes. This particular solution does a great job of detecting malware (including spyware and Trojans). It’s free and won’t slow your device down or install unwanted features. 

But it’s not enough to just install a tool like Malwarebytes. This particular take on the anti-malware solution is not a real-time tool (which is why your device won’t slow down). To that end, you must manually run the tool and do so on a regular basis -- either after every app installation, nightly, weekly, etc. That anti-malware solution could quickly save you from having to deal with a factory reset -- or worse.

The Android platform is quickly evolving into one of the most widespread platforms for mobile computing. That massive rise in popularity means more targets for nefarious deeds. With a little caution and care, you can avoid falling victim to rogue developers who are out to steal your information.

What are your best practices with the Android platform? Do you exercise great caution, or do you toss caution out the window and dare some malicious software to steal your data?




Jack Wallen is an award-winning writer for TechRepublic and He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website


I highly suggest downloading blockers. They can "block" some of the permissions you agreed to when installing a particular app. For instance, some apps require permission to connect and disconnect your wifi, and I want to be in control of this and not leave it up to the app to decide whether I'm connected to a wifi signal or not, so a "blocker" will simply turn the possibility off, unless I decide to "unblock" it. Thanks a lot, Jack, for keeping us informed and aware; these articles always help.

Saud Hassan Kazia

If you practice safe surfing and don't just download everything, you won't get malware. Whether on Windows, Android or any other OS, it's all about being smart.


1) most people don't have a clue what those permissions really mean.

2) sometimes legitimate apps ask for things I really would prefer they didn't ask for - for instance Facebook recently added that it could read my personal and confidential information (did anyone really read that line?) But I want to use Facebook, so how do I use the application without allowing them access to my confidential information? Wouldn't it be nice if we could turn on and off each of these permissions for each application as we see fit, knowing that turning off a component might limit the usability of the application?

3) Try Lookout - it's also free but you don't have to constantly run it.

4) The store should be locked down and every application that is added should be scanned by Google before it is posted so that malware never makes it to the store. Granted this won't take care of things that slip through the cracks, but it would reduce the number of illegitimate programs by a large degree.


I would like to add that while Malwarebytes is a great product, it does have a few compatibility issues. If a user has trouble, there are other applications from very good developers that offer great protection; I personally use Avast! Antivirus and Mobile Security. Lookout is another app that, although it does not have a free version per se, is relatively inexpensive considering the risk of going without.
