Smartphones

Are antivirus applications necessary on the Android mobile platform?

To install antivirus applications or not to install antivirus apps is a conundrum that confounds some Android mobile users. Jack Wallen weighs in on this debate.

The debate about whether antivirus applications are necessary on Android is one of the hottest topics in the mobile space. In fact, an online search reveals that some of the discussions about antivirus apps on Android are as heated as the old vi vs. emacs debates.

When you have a platform based on the Linux operating system, is it enough to assume the platform is immune to viruses? Or have those malicious apps and file creators finally found the ability to circumvent the built-in security of the Android platform? I'll explore this issue, and then let Android users draw their own intelligent conclusions.

Virus vs. spyware vs. Trojan

First, let's examine what the three types of threats mentioned most are:

  • Virus: A true virus is a piece of malicious software or code that can infect a computer and then spread to other computers. Viruses are very commonly transmitted via email attachments.
  • Spyware: Spyware is a malicious piece of software that collects information about users without their knowledge.
  • Trojan: This software appears to serve a desirable function, but in reality, the software's purpose is malicious.

Why are viruses, spyware, and Trojans the three types of malware that cause mobile users the most anxiety? Let's think about this for a moment.

The Android mobile platform has a built-in Market, where users can install thousands of applications. Unlike the iPhone App Store, the Android Market does not have a rigorous vetting process, so it's much easier for malicious applications to make it from developer to unsuspecting user. Those apps could easily be Trojans containing spyware or viruses.

The Android platform does give the user fair warning about what information or services the application must have access to in order to be installed. So when a user "okays" the installation of a flashlight tool that requires access to the user's contacts, networking, and messaging tools, they are asking for trouble. The problem with that system is most users ignore the warnings because they have no idea what the warnings mean.

When an Android application is to be installed on the platform, permissions to specific data and/or services must be allowed. These permissions are crucial to the overall security of your system. If a rogue application is given access to certain services or data, the system could be compromised. As a general rule, this does not happen. Here's an explanation of what some of those permissions mean and how important they are:

  • Make Phone Calls: Moderate importance. This service allows your phone to access services that would cost money (such as voice calls).
  • Send SMS or MMS: Moderate to High importance. This service allows your phone to send out text or multimedia messages, which could cost you money.
  • Modify or Delete SD Card Contents: High to Medium importance. This service allows an application to read and write to the SD card. The primary usage of this service is to add/edit/delete files (such as pictures and other multimedia, notes, etc.) and is used by many legitimate applications.
  • Read Contact Data/Write Contact Data: High importance. The description says it all, and unless that app actually requires access to contacts, there is no reason to grant an application access.
  • Read Calendar/ Write Calendar Data: Moderate to High importance. The same warning for contacts applies to the calendar because calendar appointments can contain contacts.
  • Read Phone State and Identity: Moderate to High importance. Applications need to know the state of your phone (otherwise, applications could easily interrupt important phone calls), but there are important Identity numbers associated with mobile phones that should not be shared (such as the IEMI or IMSI numbers). Here's the catch: Numerous applications require access to these numbers in order to prevent piracy.
  • Fine Location (GPS): High importance. Although this service isn't going to get your data, it will know where you are. If an application being installed is based on that service (such as giving you the ability to track your child's whereabouts or a sports logging tool) that's fine. If not, avoid any application that wants to use this service.
  • Coarse Location (GPS): Moderate to High importance. It's the same as Fine Location, only it's not as accurate.
  • Full Internet Access: High importance. This one is a tricky one, because so many cloud-based applications (such as Twitter and Facebook tools) require always-on access. Any application that requires this service should be carefully considered. If you are sure the application needs this service, go ahead. If you're unsure, either cancel the installation or proceed with caution.

Many services are of low importance and harmless, but the sampling of services listed above should always be carefully considered when installing applications. When those applications get past the warnings, what can they do? Since Android is based on Linux, doesn't it inherit the same layers of security? Won't those applications require super user access to really do any damage? The answer to all of these questions is yes, but damage is quite a relative term when talking about mobile platforms.

For example, there was a piece of malicious software that was available for a short time that promised a sneak peak at the (then) upcoming Twilight movie. Some users were so thrilled about the possibility of getting a sneak peak that they ignored what should have been a warning sign: the application needed access to both contacts and networking. When that malicious piece of software was installed, it sent out unsuspecting users' contacts. Social engineering at its most basic.

There have been other Trojans that have reared their ugly heads, and there will be more. So, does this mean you should be installing antivirus on your Android platform? My short answer to that question is it depends on the user. If the Android user regularly checks what an application wants access to in order to install, then that user probably does not yet need an antivirus solution. However, if the Android user pays little to no attention to what they are installing or what services the apps need to access, then that user should have an antivirus solution.

This same logic applies to users who randomly download and install .apk files from the network and install those applications (instead of going through the Android Market). If you are a user that frequently does this, you might want to consider an antivirus solution as well.

An Android antivirus recommendation

The best antivirus solution for Android that I have found is Lookout. The free app will protect your phone from malicious software, as well as back up your phone, help you locate your missing phone, and allow web-based phone management. As with any software that runs in the background, Lookout will drain your battery, so if battery life is the most important feature of your phone, this may not be the app for you.

Conclusion

Android is fairly secure, thanks to the inherit security of the platform Android was based on. I think that if you pay close attention to permissions notices and warnings that you can skip the antivirus apps on your Android phone.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

18 comments
RangaK
RangaK

Majority of android based problems can be pointed to third party apps and those that use their phones without any av are at a higher risk simply cause there is nothing between you and the app. Been using quickheal for the past few months -pretty handy..blocked two apps already..

alexdavid
alexdavid

Well in my opinion antivirus is must for androids if you download apps or games from third parties and if u only download apps or games from google play store then its optional to have antivirus installed some time i have to download apps for third parties so i have installed Appriva cloud antivirus which you can download from google play store it automatically scan app while they are downloading and if they are infected it will stop and download and warn you about it here is link if u guys wana try it out https://play.google.com/store/apps/details?id=com.moobila.appriva.av&hl=en

sigmoceleb
sigmoceleb

The use of the mobile devices has continued to grow and this growth has been matched in the growth of cyber attacks aimed at these devices. The growth of the mobile app niche has also seen an increase in the threats hidden and associated with many apps. Other applications have been made in such a way that they will download malware and such programs like key-loggers and others that will record phone calls and the text messages. Work towards getting the best antivirus for mobile. Here are some useful resources in finding the best antivirus for mobile: www.avg.com/antivirus-for-android and http://georgecm.hubpages.com/hub/best-free-antivirus-for-android for further reading.

Ken4354
Ken4354

Great analysis. Good job! Some apps are cool though; I am currently using AVG's mobile security apps. http://www.avg.com/antivirus-for-android It seems cool. I have not noticed any slowdown. It scans automatically every app I install, plus few other great functionalities.

francisco.augusto
francisco.augusto

Why the apps need this level of access to the data! Why the Android market is not secure to guarantee the apps. It??s a shame, all the market it??s vunerable and I just need a smartphone to keep my access into my stuff and do some phone calls and we pay a lot for this unsecure environment.

gandoe
gandoe

So it would seem that there should be an App which scans other Apps and displays the permissions accorded to them....so that you can easily review your security level at any point in time...right? I just checked through the settings on my new Android phone and didn't see anything that provided that info. So I too would agree with the dashboard warning light idea

gandoe
gandoe

So it would seem that there should be an App which scans other Apps and displays the permissions accorded to them....so that you can easily review your security level at any point in time...right? I just checked through the settings on my new Android phone and didn't see anything that provided that info. So I too would agree with the dashboard warning light idea

CharlieSpencer
CharlieSpencer

if you know enough to root a device, don't you already know enough to be aware of the security risks? Or are more non-techies undertaking this operation than I'm aware of?

RASkelton
RASkelton

Is there currently an app or built-in Android function that will scan the currently installed applications and report which ones are configured for each of the specified permission types? I have never seen such an app, but I will use it if available, on my own phone but especially my son's... Perhaps this is or can be part of an anti-virus app, and hopefully will allow me to disable any specific permission which I feel is excessive.

dvd.moore
dvd.moore

I was hoping to see the matter of security on rooted Android devices addressed. It is a subject that is of interest to a considerable sector of the community.

Zzyzyx
Zzyzyx

You've hit on the fundamental problem when evaluating whether or not to install an app. You say, "most users ignore the warnings because they have no idea what the warnings mean." I've looked at the permissions for some applications and have no idea why they need access to a particular permission. I'd love to either better understand why the app needs the permission or be able to disable the app from having that one permission. Neither is possible. So, when you say, "if you pay close attention to permissions notices and warnings," we've hit upon a conundrum. I'd say the average user (like my sister-in-law who doesn't even know what "a Linux" is) has no idea whether or not a particular application will be harmful or not. Rather than going down the techno-speak pathway that Linux has always done and which makes it unintelligible to the uninitiated, I think the Android operating system should take the approach you have used above and advise users in a "High/Medium/Low" way whether an app is likely to be a threat or not. Someone is likely to say that this is the users' fault because if they just took responsibility to educate themselves about how operating systems work, then this wouldn't be a problem. And I'd like to say to them, "If you only knew all the building codes and told the contractor how to build your house right the first time, you wouldn't be in this pickle of having a house that is junk." (Or substitute any profession that you happen to not know anything about and rely upon professionals to guide you.) There is a two edged sword here. Users certainly need to know something, but Technologists need to do a better job to make the technology meet the average 21st century user where they are today.

seanferd
seanferd

Undoubtedly. I'm guessing that the usually inaccurate buzzword "piracy" was intended, however. So, these numbers are needed to prevent infringement? How? And why not, then, have an "app number" for the device for this express purpose? Why is the stupid always built right in from the bottom up? "Since Android is based on Linux, doesn???t it inherit the same layers of security?" Like what distribution? "Based on Linux" is nearly meaningless when the rest of the OS isn't designed with privacy and security in mind. I'm not saying this is true of Android, I don't know. But I wouldn't use, say, Ubuntu for any purpose where security is expected. Even the best AV is of no use for stupid users. Just like the label on a lawnmower deck strongly advising the operator not to place hands under the machine while running, information and alerts on suspicious applications will be studiously ignored by those who want what they want and are always in a hurry to get it.

kwarnick
kwarnick

you hit right on the button. IT has always blamed it on the end user for installing a virus. weather on a computer or phone. They use the word Stupid above to describe the common user, when in fact they are the stupid ones. IT's job is to try and make sure that the user is as informed as possible. And when they get a virus IT should explane how they got it and use the time to teach the user how not to get it the next time. NOT CALL THEM STUPID

CharlieSpencer
CharlieSpencer

This isn't Linux-specific. I see it every day with my hundreds of Windows users. "Hey, that error came up, but I just hit 'Continue'." "Uh, which error?" "That Microsoft one." "What did it say?" "I dunno, I just hit 'Continue'." This isn't even computer-specific; just ask any mechanic how many customers are driving around with 'Check Engine' lights on. People just ignore warning flags if it inconveniences them, no matter how they're presented.

lshanahan
lshanahan

"'Based on Linux' is nearly meaningless when the rest of the OS isn't designed with privacy and security in mind." Very true, but in some respect Linux advocates bear responsibility because they have been vehemently insisting for years that JUST because someone uses 'Linux' they are utterly immune to viruses, etc. An OS is only *one* part of the security equation., but many (not all) Linux fans treat it as if it were the ONLY part. (BTW - like the Kosh avatar)

Zzyzyx
Zzyzyx

This is true. In fact, the car analogy was one I was thinking about discussing. The check engine light is analogous to "caution" (Oxygen sensor or some usually minor problem) and the red oil light is analogous to "critical warning". People don't drive long (one way or the other) with the red engine oil light on, but while advisable to get the engine checked you can usually drive a long time with the Check Engine light on.