Security becoming a must on smartphones

The amount of malware targeting the Android mobile operating system has jumped up since the last quarter, becoming the most-attacked mobile platform, according to security software provider McAfee.
Written by Roger Cheng, Contributor

The amount of malware targeting the Android mobile operating system has jumped up since the last quarter, becoming the most-attacked mobile platform, according to security software provider McAfee.


DrdDream was identified as the first major trojan embedded in an app.
(Credit: McAfee)

The study found that Android malware had jumped 76 per cent since the previous quarter, a remarkable rise in just three months. At the same time, Android had surpassed Symbian as the most-attacked mobile platform.

These threats include rogue apps that can swipe your personal data or steal the passwords for your bank accounts.

"We believe the emerging mobile malware is just the beginning of the threats," said Lianna Caetano, director of mobility product marketing for McAfee.

It used to be the case that the biggest concern was losing your phone, and having someone access your personal data — but malware has since surpassed it as the more worrisome issue, Caetano said. The apps can come disguised as a game or a news program, and they work in the background of your phone.

One example of malware called "spyeye" actually collects text messages that are sent by banks to verify a person's identity. By intercepting the messages, the program can obtain a person's user name, password and the verifying code from the text message. Another, called "GoldDream.A", logs incoming SMS messages and outgoing calls, and sends them to an outside server. The first major Trojan was identified as DrdDream, which steals information, but was removed from the Android Marketplace.

Fortunately, the wireless industry is mobilising to offer better protection. Last month, in the US, McAfee and Sprint Nextel partnered up to promote McAfee Mobile Security, a bundle of software that can track a stolen or lost phone, back-up personal data or remotely wipe it from the device and offer protection against rogue apps and unsafe web links on the internet.

AT&T is also looking to push more security into its smartphones. Last month, it partnered with Juniper Networks and its S-Mobile Systems unit to offer protection against threats to large companies. The two also plan to introduce a consumer version later this year.

"We anticipate as threats get more sophisticated, the demand for these products will just increase," Caetano said.

Personal tips

Lookout Mobile Security, a free — although limited — application that can block malware and other threats, is another option that any Android user can download for some decent protection.

Unfortunately, most consumers don't have any form of protection on their smartphones. More than 80 per cent of people surveyed by NPD Group in a recent study said that they didn't have any security applications loaded on their handset. It's more an issue of confusion over their options rather than ignorance of the threats.

"While smartphone owners are worried about security threats, they are also thoroughly confused about what to do about them," said Stephen Baker, an analyst at NPD.

Perhaps the easiest way to guard against attacks is to adopt a different mindset about security on the mobile phone. Just as we feel vulnerable when our PCs don't have security software loaded, we should also apply the same level of concern to our smartphones.

When downloading an app, pay close attention to what permissions it asks for. A chess game probably doesn't need access to your contact list, yet people will blindly approve the permissions and go straight to downloading and installing the app.

Also, look at where you are downloading the app from. Is it from a reputable source? The Android Marketplace may have its share of malware, but it's much safer than going to random websites or unknown markets. If you're curious about an app, then read the customer reviews. Try to read more than a few, since some of them could be placed by the author.

"Users just need to practice some common sense," Caetano said.


Editorial standards