by Bill Snyder

Android Devices Exposed: 7 Ways to Thwart Hackers

Aug 30, 2011
5 mins
Malware, Mobile, Mobile Security

Hackers are in hot pursuit of Google's popular Android OS, according to recent reports. And although mobile security threats are tiny compared to PCs, you still need to protect your smartphone, even more so if it runs Android. Here are seven tips for staying safe.

Take a deep breath. There’s a new report out highlighting a huge spike in threats against Google’s Android platform. Yes, it’s something to be concerned about. But don’t freak out or return your cool new Samsung Galaxy Tab.

Mobile threats are rising, but actual attacks against smartphones and tablets are still a tiny fraction of the number of new threats that target your PC, and to a lesser extent, your Mac. And remember the law of big and little numbers. When a number is small, it doesn’t take a huge addition to pack a big percentage change.

The news here is this: Malware targeting the Android platform jumped 76 percent in the second quarter of the year, making it the most popular target for makers of malware that attacks mobile devices, according to researchers at McAfee, the anti-virus and computer security company now owned by Intel.

The reasons for the spike aren’t hard to discern. Hackers like to attack popular platforms, and Android phones are now outselling Apple’s iPhones. In order of popularity with hackers, Android is followed by the fading Symbian operating system and Java ME. If you’re alert, you’ll notice that iOS is not in the top three; in fact it’s not on McAfee’s list at all.

To explain why, let’s take a look at a report issued by Symantec, McAfee’s major rival in the personal security business. In June, Symantec said:

  • iOS’s security model offers strong protection against traditional malware, primarily due to Apple’s rigorous app certification process and their developer certification process, which vets the identity of each software author and weeds out attackers.
  • Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection. This lack of certification has arguably led to today’s increasing volume of Android-specific malware.

Those points are essentially the same as what the McAfee researchers have to say about Android vs. Apple mobile device security.

How to Be Safe

Just because you’re statistically unlikely to be killed by a lightning strike, that doesn’t mean playing golf in a thunderstorm is a good idea. Similarly, don’t take my calming words as license to pay no attention to security for your Android device. Malware is out there, and it targets personal information that you really don’t want some bad guy to get his hands on.

Here are seven things you can do to thwart the hackers.

Use a security app designed for Android: Lookout Mobile Security is getting the best reviews I’ve seen. It’s a free app (though there’s also a beefier premium version) that does a number of things, including scan downloads for viruses. It also works as a phone tracker in case your Android is lost or stolen. Lookout has a Web site that will track the phone’s location. It also allows you to wipe your data remotely, lock the phone or set off an unpleasant alarm. Finally, there’s a Web site associated with the app you can use for backup.

Always check app permissions: Whenever you download or update an app, you are given a list of permissions for that app. If an app is asking for things it shouldn’t need, get rid of it.

Don’t install Android Package files: As our colleagues at PCWorld explained: “When Angry Birds first came to Android, you could only get it through a third party. This is called ‘sideloading’ or, installing apps using an .APK file. While Angry Birds wasn’t malware, it is highly advisable not to download and install .APK files that you randomly come across. Most of the time you won’t know what the file contains until you install it. By then it’s too late.”

Bank with authorized apps only: Online banking and bill pay is a great convenience, but to be safe, only use apps supplied by your bank.

Only download popular apps: I know this sounds pretty stodgy. But there’s a reason for it. Apps that have been downloaded a lot aren’t likely to be poisoned. For that matter, they’re likely to actually be worth downloading, if you believe in the wisdom of crowds, that is.

Download from reputable publishers: If you’re uncertain about an app, do a quick search under the publisher’s name. If you find a number of apps with good reviews and lots of downloads, chances are you’re dealing with a reputable outfit.

Keep an eye on your wireless bill: Some rogue apps do things like make expensive calls to foreign numbers in order to fatten the bank account of various intermediary sites at your expense. Often the calls happen in the background or at times when you don’t realize your phone is doing something.
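The permission check and the phone-bill tip above, as an added example that is not part of the original article: a short Python script that compares the permissions an app requests with what an app of its kind plausibly needs, and flags the extras that can cost money or expose personal data. It assumes the permission list was produced with `aapt dump permissions`; the category baselines, the sample dump and the package name are constructed for illustration.

```python
import re

# Real Android permission names, grouped by the risk the article describes.
COSTS_MONEY = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"}
PERSONAL_DATA = {"android.permission.READ_CONTACTS", "android.permission.READ_SMS",
                 "android.permission.ACCESS_FINE_LOCATION", "android.permission.RECORD_AUDIO"}

# Assumed baseline of what each kind of app plausibly needs (illustrative, not official).
EXPECTED = {
    "wallpaper": {"android.permission.INTERNET", "android.permission.SET_WALLPAPER",
                  "android.permission.VIBRATE"},
    "messaging": {"android.permission.INTERNET", "android.permission.SEND_SMS",
                  "android.permission.READ_SMS", "android.permission.READ_CONTACTS"},
}

# Matches both aapt styles: "uses-permission: X" and "uses-permission: name='X'".
PERM_RE = re.compile(r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([A-Za-z0-9_.]+)'?")

# Constructed sample for a hypothetical wallpaper app (not a real package).
SAMPLE_DUMP = """\
package: com.example.wallpaper
uses-permission: android.permission.INTERNET
uses-permission: name='android.permission.VIBRATE'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
"""

def parse_permissions(dump_text):
    """Return the set of permissions an app requests."""
    return {m.group(1) for line in dump_text.splitlines()
            if (m := PERM_RE.match(line))}

def audit(dump_text, category):
    """List risky permissions the app requests beyond its category baseline."""
    unexpected = parse_permissions(dump_text) - EXPECTED.get(category, set())
    findings = []
    for perm in sorted(unexpected):
        if perm in COSTS_MONEY:
            findings.append((perm, "can run up the phone bill"))
        elif perm in PERSONAL_DATA:
            findings.append((perm, "reads personal data"))
    return findings

if __name__ == "__main__":
    for perm, reason in audit(SAMPLE_DUMP, "wallpaper"):
        print(f"{perm}: {reason}")
```

The same permission list raises no findings when audited as a messaging app, which is the point of the tip: a permission is suspicious relative to what the app claims to do.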

San Francisco journalist Bill Snyder writes frequently about business and technology. He welcomes your comments and suggestions. Reach him at Follow Bill Snyder on Twitter @BSnyderSF. Follow everything from on Twitter @CIOonline