In 2016, a major anti-virus company reported that Android based malware packages had tripled in the past year to over 8.5 million. While this huge number is suspicious considering the source, i.e. a company that sells a subscription to their mobile security product for $15 a year, mobile malware is still an exploding issue. ArsTechnica is a good website for unbiased, in-depth analysis of mobile threats.
The biggest headlines from the past year have been concerning:
- 7/2016 – 10 million Android phones infected by all-powerful auto-rooting apps
- 11/2016 – 1 million Google accounts compromised by Android malware called Gooligan
- 1/2017 – Virulent Android malware returns, gets > 2 million downloads on Google Play
- 4/2017 – Android devices can be fatally hacked by malicious Wi-Fi networks
If you are not convinced yet, the website 9to5Google says that “A New Example of Android Malware is Discovered Every 10 Seconds.” Even an innocent game guide with cute graphics that your child downloaded can hide nasty malware called “Falseguide.”
In response, the security website Malwarebytes now has a section for mobile malware and the descriptions look like the traditional descriptions of malware with headings like: “Spyware, Potentially Unwanted Programs (PUPs), and Ransomware.”
Malwarebytes also provides some best practices for avoiding these dangers. In a recent blog post, they strongly recommend only installing apps from the Google Play Store and blocking other App Stores by turning off the setting in Android called “Unknown Sources” (Settings > Security).
They also recommend Checking Permissions of installed apps. If that “innocent” game guide mentioned above pops up a permission request screen asking for full device admin rights, that’s a subtle clue that something is very wrong.
Another suggestion is to be wary of something they call “You Get What You Pay For.” This is also known as, “If You’re Not Paying, You’re the Product.” For example, Gmail is free for a reason. Google is making a lot of money from (anonymous) access to your emails. Google might be a good tradeoff for the valuable services they provide, but free VPN providers that sacrifice privacy, free games filled with ads, and free utilities that can kill battery life and use data are not worth the savings of $0.99.
If you are using an iPhone, 95% of the comments above don’t apply to you. This was discussed in the recent post, “How Secure is an iPhone.” While this could change, it would be front page news. Still, be careful with the permissions you give iOS apps and beware of freebies.
Finally, don’t forget to backup your phone and use strong passcodes! More about that in future posts, but for now at least activate cloud based backup for your iPhone (Settings > iCloud > iCloud Backup) or Android (Settings > Backup & Reset).