In 2013, more than 42,000 apps in the Google Play Store contained some form of malware -- from spyware to information-stealing Trojans. Some of these apps were known to snag a device ID, while others were busy bypassing security features (using a Trojan called Air Push) to subscribe a device to premium content. The apps ranged from games to personalization to entertainment. The problem most Android users faced was how to use their devices safely.
Before you panic and jump off the Android bandwagon, know that the statistics for the malicious software were collected by a company called RiskIQ. In order to qualify as a risk, a piece of software could:
- Collect and send GPS coordinates
- Contact lists and e-mail addresses to third parties
- Record phone conversations and send them to attackers
- Take control of the infected phone
- Download other malware onto the phone
There are some legitimate pieces of software that require the first two in the list, so you have to understand that a portion of that staggering 42K number are collateral damage to RiskIQ's study.
With that in mind, what is the best way for Android users to practice safe “Androiding” and avoid releasing sensitive data into the void, damaging costly hardware, and wasting precious time with a downed device? Here are a few tips.
Use caution when installing apps
When I’m looking for an app, the first thing I do is examine the producing company. If there are two apps that I'm considering and one is produced by a known entity, I’ll choose that option first -- but I still use caution.
Let’s take a look at the recent Flappy Bird fiasco. The game became an enormous hit, and then it was taken down by its creator. Shortly after the take down, a number of imposter apps appeared, claiming to be the original. However, if you install one of those imposters, well... you’ll be flapping your bird to some form of support to help disinfect your device. So, how do you avoid this type of disaster?
Again, use caution. Say you search for Flappy Bird, and you find a number of apps in the Google Play Store claiming the same name. Avoid all of them. In nearly every case, you'll find these apps taking advantage of something -- either public ignorance or high demand. This is especially true when an app soars to such high popularity as Flappy Bird.
The next step, when installing an app, is to pay careful attention to the app permissions during the installation process. I’ve watched so many users simply tap Accept (after tapping Install) without reading the warning. That information is there for a reason.
If you’re interested in downloading a simple game, like Flapy Bird (notice the missing “p”... that’s good intel), and it insists on having your phone status and identity, do not install that app. Figure A illustrates the App permissions window. In this instance, Beats Music is being installed.
Beats Music being installed on an AT&T-branded Motorola Moto X.
Read the reviews
One of the first things I do when I locate an app that I want to install is read the reviews. Jump straight to the 1-Star reviews and see if there's any mention of malware or suspect behavior. If an app is heralded as a “must-have” and you find no mention of problems, the app may be safe to use -- but never assume.
If you find nothing in the reviews, check out the developer. If the app was not created by a reputable company, don’t assume that lone developer is out to steal your soul. If you find yourself wanting to install such an app, do a bit of research on the app and/or the developer. This could be as simple as running a Google search on the developers name or the app name. If any hits appear that indicate the app should be avoided, trust your instincts and avoid the app.
Google Play vs. third-party apps
At one time, I would have insisted that users never install an app outside of the Google Play Store. This is clearly no longer as safe a bet as it once was. Even still, with the Android’s ability to install apps from outside of the Google Play Store, you must exercise a great deal of caution when doing so. Do not just search for an app on Google and then install it when you find an .apk file. Unless you know with 100% certainty that the app is safe, avoid side-loading (installing .apk files from outside of the Google Play Store).
Install a well-known anti-malware solution
At one point, years ago, I was inclined to say that Android had no need for anti-malware or anti-virus software. That is no longer the case. You should have at least an anti-malware solution on your device. I highly recommend Malwarebytes. This particular solution does a great job of detecting malware (including spyware and Trojans). It’s free and won’t slow your device down or install unwanted features.
But it’s not enough to just install a tool like Malwarebytes. This particular take on the anti-malware solution is not a real-time tool (which is why your device won’t slow down). To that end, you must manually run the tool and do so on a regular basis -- either after every app installation, nightly, weekly, etc. That anti-malware solution could quickly save you from having to deal with a factory reset -- or worse.
The Android platform is quickly evolving into one of the most widespread platforms for mobile computing. That massive rise in popularity means more targets for nefarious deeds. With a little caution and care, you can avoid falling victim to rogue developers who are out to steal your information.
What are your best practices with the Android platform? Do you exercise great caution, or do you toss caution out the window and dare some malicious software to steal your data?
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.