The debate about whether antivirus applications are necessary on Android is one of the hottest topics in the mobile space. In fact, an online search reveals that some of the discussions about antivirus apps on Android are as heated as the old vi vs. emacs debates.
When you have a platform based on the Linux operating system, is it enough to assume the platform is immune to viruses? Or have those malicious apps and file creators finally found the ability to circumvent the built-in security of the Android platform? I’ll explore this issue, and then let Android users draw their own intelligent conclusions.
Virus vs. spyware vs. Trojan
First, let’s examine what the three types of threats mentioned most are:
- Virus: A true virus is a piece of malicious software or code that can infect a computer and then spread to other computers. Viruses are very commonly transmitted via email attachments.
- Spyware: Spyware is a malicious piece of software that collects information about users without their knowledge.
- Trojan: This software appears to serve a desirable function, but in reality, the software’s purpose is malicious.
Why are viruses, spyware, and Trojans the three types of malware that cause mobile users the most anxiety? Let’s think about this for a moment.
The Android mobile platform has a built-in Market, where users can install thousands of applications. Unlike the iPhone App Store, the Android Market does not have a rigorous vetting process, so it’s much easier for malicious applications to make it from developer to unsuspecting user. Those apps could easily be Trojans containing spyware or viruses.
The Android platform does give the user fair warning about what information or services the application must have access to in order to be installed. So when a user “okays” the installation of a flashlight tool that requires access to the user’s contacts, networking, and messaging tools, they are asking for trouble. The problem with that system is most users ignore the warnings because they have no idea what the warnings mean.
When an Android application is to be installed on the platform, permissions to specific data and/or services must be allowed. These permissions are crucial to the overall security of your system. If a rogue application is given access to certain services or data, the system could be compromised. As a general rule, this does not happen. Here’s an explanation of what some of those permissions mean and how important they are:
- Make Phone Calls: Moderate importance. This service allows your phone to access services that would cost money (such as voice calls).
- Send SMS or MMS: Moderate to High importance. This service allows your phone to send out text or multimedia messages, which could cost you money.
- Modify or Delete SD Card Contents: High to Medium importance. This service allows an application to read and write to the SD card. The primary usage of this service is to add/edit/delete files (such as pictures and other multimedia, notes, etc.) and is used by many legitimate applications.
- Read Contact Data/Write Contact Data: High importance. The description says it all, and unless that app actually requires access to contacts, there is no reason to grant an application access.
- Read Calendar/ Write Calendar Data: Moderate to High importance. The same warning for contacts applies to the calendar because calendar appointments can contain contacts.
- Read Phone State and Identity: Moderate to High importance. Applications need to know the state of your phone (otherwise, applications could easily interrupt important phone calls), but there are important Identity numbers associated with mobile phones that should not be shared (such as the IEMI or IMSI numbers). Here’s the catch: Numerous applications require access to these numbers in order to prevent piracy.
- Fine Location (GPS): High importance. Although this service isn’t going to get your data, it will know where you are. If an application being installed is based on that service (such as giving you the ability to track your child’s whereabouts or a sports logging tool) that’s fine. If not, avoid any application that wants to use this service.
- Coarse Location (GPS): Moderate to High importance. It’s the same as Fine Location, only it’s not as accurate.
- Full Internet Access: High importance. This one is a tricky one, because so many cloud-based applications (such as Twitter and Facebook tools) require always-on access. Any application that requires this service should be carefully considered. If you are sure the application needs this service, go ahead. If you’re unsure, either cancel the installation or proceed with caution.
Many services are of low importance and harmless, but the sampling of services listed above should always be carefully considered when installing applications. When those applications get past the warnings, what can they do? Since Android is based on Linux, doesn’t it inherit the same layers of security? Won’t those applications require super user access to really do any damage? The answer to all of these questions is yes, but damage is quite a relative term when talking about mobile platforms.
For example, there was a piece of malicious software that was available for a short time that promised a sneak peak at the (then) upcoming Twilight movie. Some users were so thrilled about the possibility of getting a sneak peak that they ignored what should have been a warning sign: the application needed access to both contacts and networking. When that malicious piece of software was installed, it sent out unsuspecting users’ contacts. Social engineering at its most basic.
There have been other Trojans that have reared their ugly heads, and there will be more. So, does this mean you should be installing antivirus on your Android platform? My short answer to that question is it depends on the user. If the Android user regularly checks what an application wants access to in order to install, then that user probably does not yet need an antivirus solution. However, if the Android user pays little to no attention to what they are installing or what services the apps need to access, then that user should have an antivirus solution.
This same logic applies to users who randomly download and install .apk files from the network and install those applications (instead of going through the Android Market). If you are a user that frequently does this, you might want to consider an antivirus solution as well.
An Android antivirus recommendation
The best antivirus solution for Android that I have found is Lookout. The free app will protect your phone from malicious software, as well as back up your phone, help you locate your missing phone, and allow web-based phone management. As with any software that runs in the background, Lookout will drain your battery, so if battery life is the most important feature of your phone, this may not be the app for you.
Android is fairly secure, thanks to the inherit security of the platform Android was based on. I think that if you pay close attention to permissions notices and warnings that you can skip the antivirus apps on your Android phone.