Five simple ways to avoid Android malware

Five simple ways to avoid Android malware

Summary: Android malware really is everywhere, but you can keep yourself safe by following some simple rules.

SHARE:

It's weird. Linux, which is Android's foundation, has almost no malware to speak of. Trend Micro, however, predicts that there may be as many as a million Android malware threats by the end of the year. What's going on here?

JuniperMalware
Make no mistake about it, there are a real Android malware problems. (Credit: Juniper Networks)

Part of it is that Android is being targeted because it's extremely popular. The research company Canalys found that Android is running on 59.5 percent of all smart mobile devices that were shipped in the first quarter of 2013. Thus, as Juniper Networks Mobile Threat Center (MTC) reported, "Just as commercial sales teams have learned to 'fish where the fish are,' cyber criminals are focusing the vast majority of threats on Android (PDF Link) and its open ecosystem for apps and developers. By March 2013, Android was the target of 92 percent of all detected mobile malware threats."

But Linux is popular too. Windows is still number one on the desktop, but on all other platforms Linux is on top. So, why is only Android where there's trouble? It's easy.

Android users are doing it to themselves. Android makes it far too easy to install bad software. If you want to use your Android phone or tablet safely, just obey these simple rules and you'll be much safer. 

1) Don't visit, and whatever you do download, materials from suspicious Web sites

The security company Blue Coat has found that pornography is a key threat vector. "In 2012, the most dangerous place for mobile users was pornography. More than 20 percent of the time that a user went to a malicious site, they were coming from a pornography site."

So, just avoid dodgy sites and you'll avoid a lot of malware. It's that's easy.

2) Don't download programs from third-party Android stores

Juniper Networks has found that "third-party marketplaces have become a favored distribution channel for malware writers." Juniper added, "Third-party application stores are the leading source of the most common type of Android malware, fake Installers, which pose as legitimate applications."

Sure, if your carrier company or device vendor provides you with an app store, you can use it. Generally speaking, though, if you stay away from third-party Android stories and stick to the Google Play store, you'll be a lot safer.

3) Look carefully at any program before you install it to make sure it's legitimate and it only asks for necessary permissions.

You should be wary of unknown programs even on the Google Play store. True, Google has made big strides forward in keeping malware out of the Google Play store with its Bouncer program, which detects developer-uploaded malware, but there's still bad programs within its virtual walls as well. A recent fake BlackBerry Messenger Android app made it to Google Play and was pulled only after 100,000 people downloaded it.

So even on Google Play, look carefully at each application before you install it. Are many people using it? Does it have good reviews? Is it really from who it says it is? The Blackberry malware, for example, was successful because it said it was from RIM... but Blackberry had stopped using that name in January 2013.

You should also check the permissions of any program that you install. Why should a game, for example, need to send a text?

If you're not sure what's what with permissions, look on the Google Play site to see what the developer has to say about his or her app's permissions. It he or she doesn't have anything to say, stay away.

4) Upgrade, if possible, to the latest version of Android.

Another way to improve your safety is to upgrade your phone or tablet to Android 4.2, Jelly Bean. According to Juniper, 77 percent of Android malware makes its owner money by sending premium SMS messages. With 4.2, Android notifies you if an application attempts to send SMS to premium testing services with additional charges. You can then decide if you want to allow the application to send the message or to block it.

5) Use A/V software.

Finally, while Android anti-virus (A/V) software is not a cure-all, with so much malware out there you should no more run an Android device without A/V protection these days than you would run a Windows PC without A/V protection.

If you've been using Android for a while, you might think that A/V software is useless. True, there was a time when most popular A/V software was junk. Things have changed.

AV-Test
Today, most Android A/V programs do a good job of protecting you. (Credit: AV-Test)

In the Februrary 2013 AV-Test Android A/V tests  (PDF Link), the AV-TEST test laboratory found that 21 A/V apps "were able to achieve excellent results." These tests were run on a Samsung Galaxy Nexus with Android 4.1.2 against a reference set of nearly 1,000 pieces of malware.

The top four programs were: First place, TrusttGo; Second went to that old favorite, Lookout; and third was a tie between Norton Mobile Security and Trend Micro's Mobile Security.

I know many of you will see this as an annoyance. Let me put it to you this way: Would you rather go to some trouble now, or pay a $500 phone bill for bad SMS calls or find all your credit card numbers have been sold off to the highest bidder?

Me? I'll go to the trouble of making sure my Android devices are as safe as I can make them.

Related Stories:

Topics: Android, Google, Mobility, Security, Smartphones, Software, Tablets

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

107 comments
Log in or register to join the discussion
  • Or don't buy a iphone sea of tiles knockoff

    and get a wp8 instead
    everss02
    • "Or don't buy a iphone sea of tiles knockoff"

      I didn't know the iPhone ran android.
      icyrock
      • the serious answer is of course

        Buy a Nokia Windows Phone 8
        If you do one thing this weekend pop into a store and ask to see how Kids Corner works. Then check out the Windows Phone Store and see that you're covered wrt apps and finally use IE on the phone and see how well the browser works for everything else.

        It will make you realize just how good WP8 is.

        thank me later
        Hubi
        hubivedder
        • escape windows

          then do not use a Windows PC, are infested with virus, and you do not need to install applications to catch virus, only to open your email or a flash drive you can be contaminated!
          Henrique Dourado
          • hubivedder hypocrite

            hubivedder hypocrite
            Henrique Dourado
        • Windows Phone is junk

          Don't listen to random posts on the internet. They are Microsoft's viral sales team.
          Mark Str
        • hillarious proposition

          if there are million malware for android you bet there is a billion for windows.

          suggesting windows over anything in security arena is just hillarious.
          ljenux
        • But

          There is hardly any third party support for Windows phones by third party app developers.
          RichDavis1
    • Or better still

      1/ Stop believing any old junk reporting on the internet. that's quite clearly a financed agenda full of mistakes "only 4% of handsets run Jellybean"? Really?? According to official numbers it's 33% Way to go...

      2/ Don't turn off the onboard malware protection. You that big warning that pops up if you try and allow the ability to install from a non-Google apps store. Funny that this tripe fails to mention this, but prefers to try and get you to buy a snakepoil AV "solution".

      The writer of this "news" should hang his head in shame. I'm guessing he is out celebrating with the big fat Microsoft/Apple/Kaspersky check that just landed in the post, whoever it is that's sponsoring it behind the scenes.
      Mark Str
      • "celebrating with the big fat Microsoft/Apple/Kaspersky check"

        A check from MS? You clearly don't know SJVN.

        The post actually contains pretty good advice, even if the stats were off (I have no way of confirming this, since you didn't post a source).
        Ndiaz.fuentes
      • TrustGo Mobile Security is FREE

        So, not sure they're paying anyone to promote their product. Besides, they don't need to, it's an excellent product. If you have an adroid device, check it out.
        chuckharold
  • A simpler way

    Buy and use an iPhone, iPad and/or iPad Mini.

    UNIX: "the Real Thing"
    Rabid Howler Monkey
    • no

      they won't allow me to do the things I want to do.
      drwong
      • Isn't that a fascinating response

        I choose not to use desktop Linux because it won't allow me to do the things I want to do.
        toddbottom3
        • allows you

          to get LOVELETTERs and be sincerely DRM-ed?
          eulampius
        • I choose not to use desktop Linux because it won't allow me to do the thing

          "s I want to do."

          Like getting infected with malware?
          guzz46
        • That's the same reason I don't use Windows

          That's interesting because that's the same reason I don't use Windows on my personal computers. More specifically, I don't use Windows because it doesn't do exactly what I tell it to. I use Linux instead, where I can choose exactly how much control I want to have.
          CFWhitman
  • This article is great, coming from SJVN himself...

    because I personally think that it proves the fact that ANY operating system, no matter what development or licensing model it uses, can catch malware as long as there are users sticked to the platform. The statement that Linux and other operating system derived from it can't catch malware because of the security they have is a myth. Malware will be there where users and money are. If Linux rises on the desktop in the next 20 years, it would happen the same thing that on Windows with malware.
    leonsk29
    • leonsk29

      I personally think that you don't know much about the subject.
      >>The statement that Linux and other operating system derived from it can't catch malware because of the security they have is a myth.
      The statement is also a myth. The statement was not that "GNU/Linux or *BSD are perfect", it was rather that "Microsoft Windows was and is outrageously insecure by design" I hope that you see the difference.
      >>If Linux rises on the desktop in the next 20 years, it would happen the same thing that on Windows with malware.
      You certainly know what you're talking about...not
      Now away with nonsense, here's some logic:
      GNU Linux and *BSD have secure repositories, that MS Windows, Mac OS X and even Android lack. So it's harder to get a trojan on it. As far as your "same thing as Windows" is concerned, you must be out of your mind to state that on GNU Linux one would ever be able to get infected when

      -- opening a document
      -- inserting an external media
      -- opening an email body/attmnt
      -- clicking on a (web) link
      -- visiting a certain website
      -- via RPC

      That is possible as much as any natural phenomena from the quantum mechanics point of view.
      eulampius
      • Already happened

        It's real and it works because Linux has severe design flaws in it.

        "-- opening a document
        -- inserting an external media
        -- opening an email body/attmnt
        -- clicking on a (web) link
        -- visiting a certain website"

        http://www.juniper.net/security/auto/vulnerabilities/vuln11481.html

        "A specially crafted PNG image could reportedly overflow an integer value, and possibly result in overwriting of critical memory regions allowing for the alteration of proper program execution. This vulnerability may be exploited to execute attacker-supplied code in the context of an application that utilized the affected library."

        And wow, take a look at all the affected products at the end of that link. Brutal.
        toddbottom3