The smart phone has become the go-to device for talking, texting, web browsing, picture taking, and even banking. Millions of phone applications (Apps) are downloaded daily to enhance the individual experience and cater to the users many needs.
However, just as viruses invade computers, phones are also a prime target for malicious programs that are commonly distributed to the user in apps containing viruses, malware, ransomware, bugs, etc. Just because it’s available in the App Store, doesn’t mean it is safe. Keep your phone and sensitive information safe by following a few simple rules when downloading software to your device.
Keeping Yourself Safe
What constitutes a malicious app? As the name indicates, a malicious app typically does something to either compromise the phone (i.e., turning it into a bot) or cause damage to the phone user — leaking personal information or increasing the phone bill — without the user’s knowledge. According to the Android Developer Content Policy, malicious apps are defined as: “Viruses, worms, defects, Trojan horses, malware, or any other items that may harm user devices or personal data.”
Read Reviews
Think before you download. One of the best features in all the app stores is the wealth of user reviews of the apps. If an app has a problem or is a malicious app in disguise, then you can be pretty sure that some reviews of it will say so: “Warning! This app is no good!” or “This cost me $100 in text message charges!” When you see those kinds of reviews, avoid the app like the plague.
Check The App’s Source
Apps from well known publishers are probably safe. Make sure you’re downloading an app from a major publisher so you don’t accidentally download a fake title ridden with malware. If you don’t know an app’s original publisher, you can always search for it by name on Google. The publisher’s website should be one of the first results to turn up.
iOS
Not all third-party sources of apps are bad, but the odds are much higher. For a platform like iOS, you have to go out of your way to jailbreak the device in order to use apps that aren’t approved by Apple.
Android
Android users may not be as conscious of the threat because third-party app repositories are normal for that platform. Still, the safest source of Android apps is the official Google Android Market, or at least an app store from a trusted source like the Amazon App Store. To avoid shady apps, you should deselect the “Unknown sources” option in the Android Applications Settings (above).
Windows Phone
The Windows Phone Store is the exclusive consumer source of Windows Phone apps. Every app is tested for potential malware and performance issues and certified by Microsoft before being released to the Windows Phone Store. No system is perfect, but if they discover a malicious app through user feedback or reporting, they remove it.
Double Check the App’s Permissions
Current mobile operating systems have enough security in place that apps generally have to request permission to access core functions and services of the device. Think about the permissions you are granting before you accept them. Does that Sudoku app really need access to your contacts, camera function, and location information?
Use Anti-malware Software
Anti-malware software can help detect and identify any threats that slip past your defenses. As the mobile market grows, and the malware developers take notice and begin to target it, the security vendors–like McAfee–are working to try and stay a step ahead of the malware attacks with security tools and software.
Here are a few reputable anti-malware companies that produce a mobile version of their software:
- Malware Bytes
- Norton Security
- CCleaner
Keep personal info personal
Just because an app asks for your personal info doesn’t mean you need to give it out. This ties in heavily with permission review. Think twice before entering any sort of contest or prize giveaway an app suggests. Don’t give it permission to automatically send text messages, post to Facebook, or use your address book data. Keep your personal info private.
Known Malicious Apps to Watch Out For
Many malicious software apps have been identified but here are a few of the most notorious to be on the lookout for when downloading a new application.
RuFraud
This Trojan virus that affects Android devices presents itself as a free version of a real app like Angry Birds. When it is run, it asks for permission to send text messages. Once granted, it begins sending premium rate text messages that cost $5 each, which get charged to your wireless account. You won’t even know you’re being charged until you review your bill.
Droid Dream Light
Here’s a malicious virus that modifies Android apps, then distributes the modified versions to Google Play. This bit of code is pretty nasty; once it’s on your device, it auto loads when you receive a call. It then sends sensitive data about your smartphone (like its model, International Mobile Equipment Identity, International Mobile Subscriber Identity, and software development kit) to a remote server, where it can be used for a wide variety of malevolent ends.
GGTracker
This is another Trojan that will kill your expense account. This code is installed after you click on an in-app advertisement. Once you’ve clicked, you’re directed to a malicious website resembling Google Play’s installation screen that persuades you to install and download an app. The app contains the malicious GGTracker code, which then subscribes you to premium SMS subscription services that may charge up to $9.99 per month.
FlexiSpy
Affecting Android, Apple, and Symbian devices, FlexiSpy is a scary piece of software. Not only does it provide live call interception to other phones, it also offers your smartphone access to spy on SMS, emails, GPS location, and call records. It’s being marketed as a tool to keep track of children with smartphones and to catch cheating lovers red-handed, but we all know how this can be used for nefarious activities as well.
Summary
All major app distributors (such as Apple, Google, and Windows) prioritize keeping all the apps they offer safe and secure. Both Google Play and the Apple App Store have options for reporting malicious apps should you find one. Once an app is reported, it’s quickly reviewed by trained security experts and removed if it’s found to be corrupt. However, even with companies doing their best to protect our privacy, it always pays to be on the lookout and remember the following rules when downloading apps:
- Read the reviews for each app. Other users’ experiences can tell you a lot about how an app functions or if it contains malicious content.
- Check the app’s source. While apps from major publishers are usually safe, it’s always good to confirm the source is genuine by visiting the website for the publisher. Make sure you have “unknown sources” unchecked on Android Applications Settings to weed out potential threats.
- When installing an app, be sure to double check the permissions the app will have access to. If it doesn’t make sense for an app to have access to certain things, don’t download it.
- Use an anti-malware software created by a reputable publisher.
- Don’t allow every app to have access to your personal information such as name, address, passwords, billing info, etc. This can save a lot of headache if your device ever gets infected.