5 Easy Ways to Protect Your Android Phone from Malware
Worried about your Android phone after the recent malware scare? Here are five things you can do right now to guard yourself.
The recent malware scare on Android phones broke new ground for mobile viruses: It was the first piece of Android malware to appear in Google's official App Market, and it was the most sophisticated piece of Android malware seen to date. DroidDream, as the now-infamous trojan was called, turned out to be a nightmare for users, as it was able to "root" any phone it was installed on, giving total control to the developer. If there was any doubt that mobile malware wasn't a serious threat, the appearance of DroidDream just shattered it.
If you're an Android user, you may be worried about the security of your phone. The good news is that virtually all mobile malware threats require some kind of conscious action on the part of the user—malware can't just penetrate your phone without you doing something that makes that happen (for example, installing a malicious app). That said, the most DroidDream incident shows that mobile malware is more sophisticated than ever.
"The frequency and sophistication has been increasing substantially," says John Hering, CEO ofLookout, a software security company that focuses exclusively on mobile devices. "It started off being more information theft. This was actually a root exploit. Once [DroidDream] hacked the phone, it dropped a command-and-control infrastructure. And it has complete control, waiting to be told what to do."
Scary stuff. Google eventually deleted the offending apps from users' phones and patched them to be resistant to further exposure to the trojan, but if those users had followed some simple anti-malware rules, DroidDream would never have spread. Here are some simple steps any Android user can take to inoculate themselves against mobile software threats.
1. Download Apps Only from Trusted Sources
This is dogma for guarding against malware on any platform. In the DroidDream incident, shady developers pirated existing apps and re-posted them with slightly different names (and the trojan) on the Android Market. But looking at screencaps of the apps versus the originals, they all use the generic Android icon instead of a more distinctive graphic that a legit developer would use. Also, the developers' names, "Kingmall2010" and "we20090202" among them, are dead giveaways. Clearly these guys aren't on the up and up.
Android's open nature by and large lets developers post new apps to the App Market virtually at will. And while Google does some vetting, it doesn't "whitelist" every app like Apple does with iOS. That's led to impressive growth for the platform, but part of the tradeoff means incidents like the DroidDream trojan scare. So be careful before you download; if it's not a company you recognize, do some research before letting that app live on your phone. Check out the ratings and reviews, and look at the app's permissions very closey—there's no reason for a wallpaper app to have access to your personal data, for example.
2. Protect Your Phone with a Password
It's a simple thing to do, yet so many don't. Using a password is the easiest thing you can do to protect your phone from spying eyes. Using a fingerprint lock would be even better. While a lock alone isn't going to ensure complete protection, it will prevent almost all "analog" hacking (i.e. physically looking at your phone)—not to mention put your mind at ease for those inevitable times you accidentally leave the phone in cab or restaurant.
Click on the "Next Page" link below to see three more easy ways to beef up protection on your Android phone.
3. Install OS Updates as Soon as They're Available
In the DroidDream scare, the hackers had used the malicious apps to attack phones via known vulnerabilities in Android. Those vulnerabilities had been patched, however, in more recent versions of the OS. Granted, Android is fragmentized—it's hard to know what version your phone can upgrade to—but when you get an upgrade notification, you should install it immediately. With every update, Google routinely closes up holes that malware authors can exploit.
4. Don't View Sensitive Information on Public Wi-Fi
Wi-Fi is one of the most beneficial inventions for PCs in the last decade, bringing wireless Internet access to virutally every coffee house in the country. But that's exactly the problem—anyone can walk into that coffee house and get on the same network you're using. If your Wi-Fi network is unsecured, you should think twice about doing anything particularly sensitive (like firing up that banking app).
5. Install a Mobile Security App
If you're already doing numbers 1-4 on this list, you probably don't really need to take this extra step. After all, mobile OSes are inherently more secure than their PC analogues, and apps are more isolated from each other. However, installing a security app (from a trusted source, of course) can't hurt, the apps are often free, and there can be extra benefits as well. For example, Lookout's premium Android app (there's a free version, too) will analyze all the apps on your phone and tell you the permissions each and every one of them—handy if you tend to download random Android games with abandon. Many of the major players in PC security—Symantec, McAfee, Norton, and Juniper—all make free security apps.
No comments:
Post a Comment