Popularity, arguably, is a good thing, but it also comes with certain disadvantages. Take mobile devices that run on Android, for example. The number of such devices (be it smartphones or tablets) has been continuously on the rise. According to various reports, more than half of the smartphones currently used run on Android. This continuous growth also offers new market for cyber criminals to flex their muscle and spread malware. We are probably too used to desktop malware to understand the basics of mobile device security, but in this article, we will try to cover the main points.
What is the best way to deal with Android malware?
Perhaps this is where you would expect us to offer you a list of security applications that should protect you from malicious exploitations, securing your mobile device. Well, this is exactly what we are NOT going to do. Quite a few Android devices already come with built-in security applications, and we know that sometimes users have problem trying to delete those programs because for that you often need the administrator access or a rooted device. We will cover the aspect of a rooted device later on, but the point is that sometimes security applications can be a bit of a hindrance, especially if you do not have any bad online habits.
So the best way to deal with Android malware is to avoid it. And if you stay in line with the main security guidelines set by Google and the hardware manufacturers, it should be enough to protect yourself and your device from cyber criminals.
What are the aspects of Android malware?
As mentioned, Android devices are quite exposed to various types of mobile malware because the operating system is so popular. But there are certain aspects associated with Android security that are quite different from the desktop malware.
For instance, we know that the most common reason cyber criminals try to tamper with Android devices is personal data. They try to obtain it for various purposes. Also, judging from a number of infections and various reports, it would seem that mobile malware is the most rampant in Russia and China. Of course, that does not mean that users in the United States or Europe are safe. It just probably shows that their habits are somewhat safer than their counterparts’ in China and Russia.
Perhaps the most important thing about mobile malware is that you do not need to use any type of coding to bind Android apps to malicious programs. So, in a sense, Android is very easy to abuse for malware distribution. However, there is a catch to it: unlike Trojans and other desktop malware that may be able to spread on their own accord, malicious apps need user’s interaction to reach specific devices. Perhaps that is the reason people often think that mobile devices are less susceptible to malware infections. As a result, only around 5% of mobile devices have some type of security software installed. Albeit we have mentioned that it is possible to avoid malware even if you do not rely on security software, such low installation numbers may also mean that users do not grasp the potential mobile security threats.
And dangers associated with mobile malware mostly lies within short messages scams. Such scams are devised to intercept your messages and check your data. Some malware may also monitor your calls and steal personal information. So it is important that users employ the most basic security steps to avoid that.
How to protect my mobile device from malware?
The most important thing (and we cannot stress that enough) is to download apps from their legitimate sources. Be it Google Play, Amazon, Samsung, or any other source, you will definitely avoid tons of malicious apps by staying away from unreliable third-party distributors. Of course, you might say that sometimes malicious apps might be embedded in Google Play, too. But Google Play regularly checks for corrupted applications, and if any is found, they get removed immediately.
Also, even if malicious apps do get uploaded on legitimate stores, you can still recognize them by checking the reviews, descriptions, and permissions. Perhaps we are too used to installing apps without reading everything, but you should at least scan the permission list before clicking Install. After all, if some random calculator app is asking for permission to access your address book, something is definitely fishy.
Another way to avoid malicious interventions is to keep the automated updates function on. Some may argue that automated updates slow down the system and the apps may end up having new features you do not need, but updates also always come with patches and fixes. These patches and fixes for certain apps take care of potential vulnerabilities that might be exploited by cyber criminals to access your device. Hence, the default security settings should not be tampered with.
You see, when it comes to desktop malware, it usually arrives via drive-by downloads accidentally. Most of the time, users are not even aware of the fact they downloaded and installed something malicious. But, as mentioned, malware for Android require your direct interaction. Thus, if malware enters your device, it means you either already had some infection in it, or you clicked something that initiated the installation.
And this is exactly where the default security settings become useful. Even if you were to download something malicious, apps that come from Unknown sources should not pass the Google certificate screening, as Unknown sources are blocked by default. One simple setting is definitely better than a third-party app that may drain your system resources by keeping track of every single new app, your web traffic, and other activity.
We have also mentioned previously that we would cover rooting again and this where it comes from. A lot of users prefer to root their mobile device because it enables them to use administrator privileges. However, when your device is not rooted, the chances to get infected with malware are slimmer. Administrator privileges are a double-edged sword. You may gain access to big variety of system settings, but so will a malicious app that one day might enter your PC. So, from the security point of view, it is better to refrain from rooting your device.
You may also change the User control settings via Google Play app, that will initiate a pop-up asking for password each time a new app is about to be installed.
How to Set Up Content PIN
- Open the Google Play app.
- Click the three bar icon at the top left corner.
- Go to Settings and select User controls.
- Open Parental controls and create a Content PIN.
The Content PIN part of the Parental controls intended to help parents monitor what their children install on their mobile devices, but it might also be a good way to protect your device from malware.
So to take everything into account, a set of safe browsing and app selection habits should help you protect your mobile device from malicious exploitation. Needless to say, you should also consider acquiring a legitimate security tool, if you feel that constant exposure to potential threats is not something you can face on your own.
- Dan Graziano. Protect your Android Device from malware. CNet.
- Ryan Whitwam. Android Antivirus Apps Are Useless – Here’s What to Do Instead. Extreme Tech.