Android Malware: How do I protect my phone or tablet against malware and viruses?
Why does Android have malware?
The biggest reason that Android has more malware than competing mobile platforms such as iOS, Windows Phone and Blackberry is that Android is the biggest platform, thus making them the biggest target. Just like in the computer world where Windows is mostly targeted by malware because, historically, Windows has the largest marketshare. However, there are also aspects of the Android ecosystem that make Android and its users more vulnerable.
One of the most heard critics is that Android is built on open-source technologies like Linux and WebKit and some critics would argue that by making the source-code public, the platform is inherently less secure than other platform on the market that keep their source-code safely guarded. But it is often forgotten that iOS is also based on BSD Unix which is open source and one the same WebKit browsing technology Android is using. No software is perfect, but open-source efforts with sufficient developer interest have consistently proven they can sustain high quality levels over the long term.
Open Market – Although it is true that Android has seen more malware issues than its competitors, the presence of malware on Android seems to have a lot more to do with the ecosystem android is using than the technology itself. Where Apple, Microsoft and RIM offer a curated app market, the Google Play is almost free-for-all; anyone can offer their app through the Google Play market and Google allows anyone to set up their own Android market (Amazon’s App Store is probably the best known).
Types of threats
Unlike computers, Android doesn’t have traditional viruses which spread between devices. Instead, malware creators have focused on other types of exploits such as tricking the user into doing something they shouldn’t.
Malware Apps: The most common malware app is an app that claims to be a popular game or based of a popular trend and lures the user into installing it. Once the user installs this malicious app, it installs clandestine software behind the users back that might try to grab passwords and keystrokes, forward emails and address books or even credit card information to cybercriminals.
Drive-by exploits: These exploits are a bit nastier. The basic idea is to lure Android users to a specific website containing a code which exploits a vulnerability in the web browser. Once the site is visited, malicious software can be installed without the user’s permission. But these exploits are not exclusive to Android; other operating systems such as iOS and Blackberry have the same issues.
Often, social engineering or phishing techniques are used to usher users to the infected site. For instance, you might get an SMS message that looks like it’s from a carrier or service provider, urging you to download an important update.
How to protect your Android device
There are some simple things you can do to protect your Android phone from being infected and reduce the chance greatly of having problems.
Only download from trusted app stores – First of all, don’t just download any content you run in to on the web. Always make sure to download your apps from either the Google Play store or another trusted app store such as the Amazon app store or you’re mobile provider’s app store. Go to your Android device’s Applications Settings menu and disable the “unknown sources” option for installing apps. This will prevent your device from installing apps via email, the Web, or any source besides Google Play.
Research the app and the publisher – Before downloading an app, spend some time researching the publisher. Look for reviews of the app or publisher on reputable websites, see if the publisher has any other released apps and don’t always trust the reviews in the Google Play store itself since some publishers are notorious for writing their own five star reviews.
Stay away from APKs – Do not install APKs (Android application package files) directly on your phone from an SD card or USB drive unless you are sure about its content and provenance.
Always check the permissions the app is asking for – Android will always present you a list of permissions the app is asking for before installing. Make sure to read carefully through this list and some common sense will usually help you a lot here. If you are installing a clock app and the app asks you for access to your address book or location, a bell should ring. The general rule here is that if an app asks for more permissions then it needs to have to run properly, there probably is some foul play in the game.
But above all, don’t panic! Android is still a very safe operating system and with some easy precautions you’ll stay trouble free.