In 2013, more than 42,000
apps in the Google Play Store contained some form of malware — from spyware to
information-stealing Trojans. Some of these apps were known to snag a
device ID, while others were busy bypassing security features (using a Trojan
called Air Push) to subscribe a device to premium content. The apps ranged from
games to personalization to entertainment. The problem most Android users
faced was how to use their devices safely.

Before you panic and jump off the
Android bandwagon, know that the statistics for the malicious software were
collected by a company called RiskIQ. In order to qualify as a risk, a piece of
software could:

  • Collect and send GPS coordinates
  • Send contact lists and e-mail addresses to third parties
  • Record phone conversations and send them to attackers
  • Take control of the infected phone
  • Download other malware onto the phone

There are some legitimate pieces of
software that require the first two in the list, so you have to understand that
a portion of that staggering 42K number is collateral damage of RiskIQ’s study.

With that in mind, what is the best way
for Android users to practice safe “Androiding” and avoid releasing sensitive
data into the void, damaging costly hardware, and wasting precious time with a
downed device? Here are a few tips.

Use caution when installing apps

When I’m looking for an app, the first
thing I do is examine the producing company. If there are two apps that I’m
considering and one is produced by a known entity, I’ll choose that option first — but I still use caution. 

Let’s take a look at the recent Flappy
Bird fiasco. The game became an enormous hit, and then it was taken down by its
creator. Shortly after the takedown, a number of imposter apps appeared, claiming to be the original. However, if you install one of those imposters, well… you’ll
be flapping your bird to some form of support to help disinfect your device. So, how do you avoid this type of
disaster?

Again, use caution. Say you search
for Flappy Bird, and you find a number of apps in the Google Play Store claiming the same
name. Avoid all of them. In nearly every case, you’ll find these
apps taking advantage of something — either public ignorance or high demand.
This is especially true when an app soars to such high popularity as Flappy Bird.

The next step, when installing an app, is
to pay careful attention to the app permissions during the installation
process. I’ve watched so many users simply tap Accept (after tapping Install)
without reading the warning. That information is there for a reason.

If you’re interested in downloading a simple game, like
Flapy Bird (notice the missing “p”… that’s good intel), and it insists on
having your phone status and identity, do not install that app. Figure A illustrates the App
permissions window. In this instance, Beats Music is being installed.

Figure A: Beats Music being installed on an AT&T-branded Motorola Moto X.
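The permission check described above can also be done mechanically. The following is an added example, not part of the original article: it reads a permission listing in the style printed by `aapt dump permissions` and flags requests that match the risk behaviours listed earlier but do not fit the kind of app. The category allowances and the sample listings are assumptions constructed for illustration.

```python
import re

# Permissions matching the risk behaviours this article lists. The names are
# real Android permission constants; the descriptions and the per-category
# allowances in EXPECTED are assumptions made for this example.
RISKY = {
    "android.permission.ACCESS_FINE_LOCATION": "sends GPS coordinates",
    "android.permission.READ_CONTACTS": "reads the contact list",
    "android.permission.GET_ACCOUNTS": "reads account e-mail addresses",
    "android.permission.RECORD_AUDIO": "can record audio",
    "android.permission.READ_PHONE_STATE": "reads phone status and identity",
    "android.permission.SEND_SMS": "can send premium-rate SMS",
    "android.permission.INSTALL_PACKAGES": "can install other apps",
}
EXPECTED = {  # what each kind of app plausibly needs (assumption)
    "game": set(),
    "navigation": {"android.permission.ACCESS_FINE_LOCATION"},
    "music": {"android.permission.READ_PHONE_STATE"},  # pause on calls
}

# Accepts both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return the set of permission names found in a permission dump."""
    return {m.group(1) for m in PERM_RE.finditer(dump)}

def review(dump, category):
    """List (permission, reason) pairs that are risky and unexpected."""
    allowed = EXPECTED.get(category, set())
    return sorted((p, RISKY[p]) for p in parse_permissions(dump)
                  if p in RISKY and p not in allowed)

# Constructed sample dumps, not taken from any real app.
SAMPLE_GAME = """package: com.example.flapybird
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.SEND_SMS'
"""
SAMPLE_MUSIC = """package: com.example.music
uses-permission: android.permission.INTERNET
uses-permission: android.permission.READ_PHONE_STATE
"""

if __name__ == "__main__":
    for name, dump, cat in [("game", SAMPLE_GAME, "game"),
                            ("music", SAMPLE_MUSIC, "music")]:
        findings = review(dump, cat)
        print(name, "->", findings or "nothing unexpected")
```

The same permission that is unremarkable in a music player is a warning sign in a simple game, which is why the check is keyed on the app's category rather than on the permission alone.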

Read the reviews

One of the first things I do when I
locate an app that I want to install is read the reviews. Jump straight to the
1-Star reviews and see if there’s any mention of malware or suspect behavior.
If an app is heralded as a “must-have” and you find no mention of problems, the
app may be safe to use — but never assume.

If you find nothing in the reviews,
check out the developer. If the app was not created by a reputable company,
don’t assume that lone developer is out to steal your soul. If you find
yourself wanting to install such an app, do a bit of research on the app and/or
the developer. This could be as simple as running a Google search on the
developer’s name or the app name. If any hits appear that indicate the app
should be avoided, trust your instincts and avoid the app.

Google Play vs. third-party apps

At one time, I would have insisted that users
never install an app outside of the Google Play Store. This is clearly no longer as safe
a bet as it once was. Even still, with Android’s ability to install apps
from outside of the Google Play Store, you must
exercise a great deal of caution when doing so. Do not just search for an
app on Google and then install it when you find an .apk file.
Unless you know with 100% certainty that the app is safe, avoid side-loading (installing .apk files from outside of the Google Play Store).

Install a well-known anti-malware solution

At one point, years ago, I was inclined
to say that Android had no need for anti-malware or anti-virus software. That is no
longer the case. You should have at least an anti-malware solution on your
device. I highly recommend Malwarebytes. This particular
solution does a great job of detecting malware (including spyware and Trojans).
It’s free and won’t slow your device down or install unwanted features. 

But it’s not enough to just
install a tool like Malwarebytes. This particular take on the anti-malware
solution is not a real-time tool (which is why your device won’t slow down). To
that end, you must manually run the tool and do so on a regular basis — either
after every app installation, nightly, weekly, etc. That anti-malware solution could quickly
save you from having to deal with a factory reset — or worse.

The Android platform is quickly evolving
into one of the most widespread platforms for mobile computing. That massive
rise in popularity means more targets for nefarious deeds. With a little
caution and care, you can avoid falling victim to rogue developers who are out to steal
your information.

What are your best practices with the
Android platform? Do you exercise great caution, or do you toss caution out the window and dare some malicious software to steal your data?