Guest writer Megan Berry has some timely advice on how you can avoid avoid malware on Android smartphones and tablets.
Rule #1 of Android security: don’t download apps from websites other than Google Play for fear that you unwittingly infect your smartphone or tablet with malware. Well, not surprisingly, cybercriminals found a way to invalidate rule #1.
A security researcher at Symantec recently discovered two apps infected with malware in the app store that were quickly removed. But not before tens of thousands of users downloaded them.
This scenario is particularly troubling for companies with BYOD programs that permit Android devices to connect to their network. How do companies protect corporate assets without taking away employees’ ability to use their favorite mobile devices on the job? Especially since it seems that cybercriminals are always one step ahead of security experts.
Whether you use an Android device at home, on the job, or both, the growing threat of Android malware means it is more important than ever to take the security of your device seriously.
How to avoid malware on Android smartphones and tablets
Nothing you can do will guarantee you will never be infected with malware, but there are things you can do to minimize the risk.
· Before downloading an app, do a quick web search to check up on the developer and the app itself. Look for red flags in the search results, such as negative user reviews or complaints, that indicate you need to dig deeper before tapping that “Accept & download” button. Hint: You can visit the developer’s webpage from the app listing.
· Some malicious apps try to hide behind a legitimate brand name. Make sure the name of the developer jives with the title of the app.
· Read the app’s user reviews. Red flags will show up here, too.
· Examine the permissions of the app: are they in line with the app’s intended use? For example, does a news app really need to access your contacts or send text messages?
· IT managers should insist that employees install an Android anti-virus app. Or, better yet, insist that users turn their devices over to IT before they’re allowed to connect to the network for the first time. This way IT can install anti-virus software it has evaluated, configure it properly and enforce its use.
Android anti-virus apps: worth it or not?
The effectiveness of Android anti-virus apps is debatable, though. In a recent study, only a handful of Android anti-virus apps were found to detect most types of threats. The March 2012 study by AV-Test.org rated 23 out of 41 apps effective, or 56%. Of those 23, only 10 detected greater than 90% of known malware types.
Still, the authors of the study say any of the anti-virus apps that were found to detect greater than 65% of known malware types provide adequate protection.
Unpatched system software: Your device’s Achilles’ heel
Even though you’re careful about what apps you install and you run an anti-virus program, your device may still be vulnerable because of unpatched system software.
According to security vendor Duo Security, the speed at which wireless carriers supply updates to their users varies. Therefore, it’s possible for devices to go unprotected for long periods of time. The fragmentation of the Android platform complicates the task of rolling out updates, not to mention the fact that companies have little incentive to fix existing flaws when new devices with the latest system software are already on the shelves.
This is of particular concern for companies that allow their employees to connect their personal Android devices to the company network. It should also be of concern to employees, who may be liable if their device infects their employer’s network – many corporate bring-your-own-device (BYOD) policies place the responsibility for keeping devices malware-free squarely on the shoulders of the user.
Duo Security’s new app, X-ray, scans Android devices to discover unpatched flaws in system software. If the app finds a problem, the user can go to Settings>About Phone>System Updates to download the latest version. If an official update isn’t available via System Updates, Duo Security encourages users to contact their carrier for more information, or at the very least, exercise extreme caution when downloading apps.
Individual users can download and install the app from the X-Ray for Android website. Organizations can get an enterprise-level version by emailing the company.
The lesson here is that unfortunately, it’s no longer safe to assume that just because an app is available from a reputable source, it’s malware-free. And, educating yourself and your users, combined with tried-and-true anti-virus software, is still the best protection against the quickly evolving threat that Android malware presents.
About the Author: Senior writer for IT Manager Daily, Megan covers the latest technology news and trends impacting business.