We all know already that growth in the use of Android apps is unrelenting. In fact, almost half of the downloads on Uptodown are programs for the Google mobile operating system. What has never been completely clear, though, is the risk we Android users run of finding ourselves affected by some sort of malicious software after using an “illegitimate” app. That’s exactly what we’re going to clear up here today.
According to the latest study, published in August of 2013, from the information security firm Trend Micro, at the time of publication there were more than 700,000 malicious apps for Android, nearly 40% more than in the previous quarter, and now only two months later we find out that that figure has already reached a million. Among that number are counted both Google Play and external apps, with the Google store itself having surpassed a million apps this past summer.
Types of malware on Android
The nature of these malicious software is diverse, although the vast majority are related to subscribing to Premium Text Messages Services. It’s possible that you have accidentally subscribed to a service that requires your phone number to “send you information,” without realizing that they make a small charge every month for the “service” to your phone bill. I’d bet that all of you have seen this kind of banners while browsing. Keep your eyes peeled!
But most of the dangers lies within the apps themselves. It’s undeniable that Google Play isn’t exactly famous for its filters when it comes to selecting apps to include in its catalog. And although a few months ago Google did a spring cleaning and deleted more than 60,000 apps and these days has instituted a stricter policy for the new software that it allows, not a day goes by without a piece of news about some fraudulent maneuver or other inside or outside the Google store. Without getting into too many details, Kaspersky warned this week about a trojan capable of stealing your bank details via an app that tried to pass itself off as an official version. So far it has only affected the Russians, but just like vodka, it’s extremely easy for different recipes for this sort of fraud to proliferate through any other country.
Building a trap into an apparently legitimate app is a common method of entry for this type of malware. Have you ever typed “Angry Birds” in the search bar of Google Play? What comes up? Hundreds of clones and icons with colorful birds! Imagine what you’d find on the Internet if you did the same search globally. It’s easy to fall into such traps if you’re not careful, not to mention the notifications that many apps, both official and otherwise, bombard you with in your taskbar, over which your finger might accidentally slip and open God knows what sort of link. This is not to say that all “unofficial” apps are malicious, although normally the most flagrant types of fraud tend to be related with bad things. You just have apply a little bit of common sense.
What does Google have to say about all this?
According to the people over in Mountain View, only 0.001% of users have suffered an actual problem with malware on their smartphones, thanks in large part to the app verification tool included in its operating system and active on 95% of Android devices. This tool turns invisible any apps in Google Play that are suspected of being some sort of malicious software. And even if you install one of them, a warning message will pop up, meaning you need to be quite blind to fall into any traps.
What to do to protect yourself
Recently, several studies have confirmed that using an antivirus on your smartphone is not effective enough when it comes to detecting threats, meaning that the best thing to do, as I’ve already pointed out, is use a bit of good sense and verify your file sources. Downloading outside Google Play isn’t necessarily less secure.
On Uptodown we offer a huge catalog of programs for Android in APK format so they can be installed independently. We select only the programs we consider trustworthy and review all files with 46 different antivirus lists with the help of VirusTotal. Nevertheless, even the most trustworthy app might run an ad that will take you to a shady website, so it will do you no harm to look over the following bits of advice:
- Review every app thoroughly if it asks for your telephone number or personal details.
- Verify that the program you’re looking for is the official version and not a fake trying to pass for the real thing.
- Review the permissions an app requests when you install it to verify that it doesn’t have more access than it actually needs, which could indicate a possible threat.
- Keep all your phone software updated, especially apps from Google.
- Be careful when you connect to public WiFi, and when you do, use some sort of protection such as a virtual tunnel.
- Given that prevention is better than cure, you should back up all your data with security copies.
- And once again, because I can’t say it enough: USE COMMON SENSE.