The year 2020 is coming to a close. In fact, this is the very last piece I will pen for TechRepublic this year, and wow, has it been a doozy of a year. Don’t worry, I’m not about to go off on the train wreck these past 365 days has been. Instead, I want to offer one final reminder for the year. I bring this reminder out now and then to serve as a cautionary tale to help Android users to better understand a truth they need to grasp.
That truth centers around the security of your mobile device. No matter how many times I pull this “oldie, but goodie” out, Android users continue to ignore best practices, only to find themselves victim of a malware or ransomware attack on their mobile devices.
It doesn’t have to be that way.
SEE: Identity theft protection policy (TechRepublic Premium)
Google’s Play Protect is part of the problem
Google’s Play Protect gives users a false sense of security. Play Protect is supposed to protect devices from installing software that contains malware. For the most part, it does a pretty good job.
Read that sentence again. It should read, “Play Protect does a great job of preventing malware from finding its way on your devices.” Unfortunately, it doesn’t.
In fact, Play Protect hasn’t stopped malicious software from getting uploaded to the Play Store and then installed on devices around the globe. Anyone that shrugs off security, assuming they are protected, is living under a false equivalency.
Everyone, say it with me: “Google Play Protect is not guaranteed protection.” It’s as simple as that. The problem goes even deeper, because the anti-malware tools found on the Google Play Store aren’t much better. What’s an Android user to do? You certainly cannot always count on that Protected by Play Protect badge as you install apps (Figure A).
I’m not saying Google shirks its duties in protecting users. In fact, Google does a pretty good job with the task of security. However, Google faces down almost impossible odds every single day. Just like with banks, hackers are always thinking up new ways to steal data. This puts companies like Google on the defensive and being in such a position is never good. Reactive security cannot guarantee protection. Because of that, no one’s device will ever be 100% safe, unless it’s turned off. However, the average human cannot function with their phones off.
How to be protected
What can you do? Follow this list of advice I’ve given over the years:
Never install software from outside of Google Play Protect.
Only install the apps you must use.
Don’t sideload applications. Period. Ever.
Do not install applications without descriptions.
Don’t install apps with few reviews.
Before installing an app, check out the developer (information found in the Developer Contact section). Look them up–if you can’t find any information about them, avoid the app.
Before installing an app, do a Google search to see if there are any known issues.
Only install applications from known entities (such as Google, Amazon, Spotify, etc.).
If given the choice between purchasing an app or using a free app with ads, always go with the purchase option as ads are one of the more popular ways to inject malware onto a device.
Avoid apps with titles or descriptions in broken English. Apps on Google Play that contain malware have titles like (and these are legitimate apps which have been found malicious): Cream Trip, Crush Car, Desert Against, Find 5 Differences, Find Hidden, Iron It, Jump Jump, Money Destroyer, Rolling Scroll, Shoot Them, Shooting Run, and Sway Man.
That might seem like quite a long list of things to consider when installing applications on your Android device. Think about it this way: The more precautions you take, the less likely you will have to deal with a malicious piece of software stealing your data or holding your phone ransom. Although the list above isn’t a guarantee, it will go a long way to improve the out-of-box security experience found on Android.
On top of that, if you approach mobile, and even desktop, security in such a way that you keep in mind it’s not a matter of if but when, you’ll be much more inclined to use a healthy dose of caution.
Hopefully 2021 will be the bearer of much good news for everyone, but as far as your Android device security is concerned, don’t think that because 2020 is now in the rearview mirror you’re safe. Without using a great deal of caution, you might well wind up the victim of malware.
Be safe, so you don’t have to be sorry.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.