The widespread existence of malware on Android is a fact that many users are not aware of, especially the so-called ransomware associated with traditional phishing or identity theft. It’s a process through which the attacker infects the information stored on the affected device and encrypts it, preventing access by the owner and asking for a monetary compensation, or “ransom” in order to get it back. To do this, the attacker attempts to trick the user by appearing to be a known service or company and thus achieve access to the login information illegally. Although this type of malicious software has always been linked to desktop computers, in reality, mobile devices are just as likely to being affected.
On a smartphone the main method of malware transmission is through downloads of fraudulent apps without user consent or by tricking users through some form of identity theft, usually through IM apps like WhatsApp or Skype. Hence it is essential to have tools to analyze documents before you install them as well as give reports on the apps you use on your smartphone. Here we offer a few tips on how to protect your device from malicious software.
Analyze your apps with Virustotal
The Virustotal service, owned by Google, lets you analyze any app through more than 50 antivirus programs and get a detailed report of the results. Besides its web versions, there’s a completely free app that, once you install it on your smartphone, will analyze all your installed apps and advise you of the ones deemed suspicious. Likewise, you can send files and even analyze URLs. That said, we should note that this app does not offer real-time protection so it should be used in conjunction with good sense and other apps that do provide some sort of firewall.
Download only from reliable sources
Check the permissions used by each app
Another thing to keep in mind when checking how reliable an app is is which permissions are required for its proper functioning. It doesn’t make much sense, for example, for a text editor to have access to your contacts, or for a supposed puzzle game to make use of your camera. While the most modern versions of the Android operating system notify you with a popup if a “sensitive” permission is required, users of older devices will need an external tool to check that everything is on the up and up. Exodus Privacy lets you review your installed apps and check if they’re using permissions that they shouldn’t be, thereby detecting whether you’re using a fraudulent version of the software in question. Plus, it will analyze the associated trackers, so you can find out where the information the app collects is being sent. [Download]
Phishing on IM apps
We’ve noted above that infection through malicious apps is the main cause of security problems. So where do they come from? Mainly links received over WhatsApp and other chat services where virality and immediacy work in favor of malware. Lots of scams are floating around on WhatsApp, with their main weapon being phishing strategies to trick unsuspecting users. In other words, luring people onto sites that try to pass as official services offering enticing promos, whether it’s skins for WhatsApp or discounts for Tesco. Plus these sites try to get users to share the malicious URLs to their contacts, and in most cases the person who’s sent you the link doesn’t even realize she’s done so.
Use common sense
No marketplace, not even Google Play, is free of fraudulent apps, and antiviruses alone are pretty useless on Android. In the end, the main firewall against infection is you and your ability to discern how reliable the pages you visit and apps you download are. Be cautious, check apps against reliable sources of information, and if in doubt NEVER click a link or an Accept button.