Should you be worried about malware on your Android smartphone?

Taylor Martin
 from  Concord, NC
| August 3, 2011

It's that time again, folks. That's right, it's time to talk smartphone security … again.

Smartphones have become a staple in the way we live our lives. Mobile platforms haven't replaced full-fledged operating systems on PCs (yet), but their popularity has grown an impressive amount in the past two to three years. This popularity and the openness of some mobile platforms, as always, have created incentive for malicious attackers to target mobile operating systems.

Lookout, one of the more popular Android security services, released their first Mobile Threat Report with data from over 700,000 applications installed on over 10 million devices. What did they find you ask? Only that malware threat on the Android front has grown 250 percent in the past six months and that mobile users are two and a half times more likely to encounter some form of malware. Yowza!

This is not cause for you to go all willy-nilly and sell your Android phone for an iPhone or BlackBerry. The majority of the applications found in Android Market and other (reputable) third-party app stores are coded by individuals like you or I who are trying to make an honest living. As Jerry Hildenbrand of Android Central points out, “... malware, spyware, and various nasty bits of code are out there.  We've seen them out there, both real issues and overblown ones.”

It does, however, mean you should be more cautious. A smartphone is essentially a pocket-sized computer, the place where we all store some rather personal information about ourselves and often information about our closest loved ones. That is exactly what a large number malware programs have been coded to seek out: personal data. This information is a rather broad category. Sometimes it can be credit card information, passwords to any type of account or basically any type of information you wouldn't want just anyone getting their hands on. The good thing is, most applications that do need access to these rather personal details usually do not store them locally on the device itself, and if they do, it's typically in an encrypted text file.

Other methods will sign users up for premium text message services without their knowledge, sometimes charging up to $50. But these malware developers have started to get creative, just like they did with PCs. They have begun taking legitimate applications and repackaging them with “malware, creating Trojan applications that appear to be legitimate, but in fact are malicious, and post them to app stores and download sites.” Also, Lookout found the first instance of an “Update Attack,” wherein a perfectly legitimate application is downloaded at first. Once it gains a large user base, the application is then updated with malware attached.

Lookout states that once your device has been infected, attackers can: send location, send contact info, send and read SMS messages, place phone calls, silentely download files, open the browser and more ... To stay safe from malware on your Android smartphone, they suggest that users should:

  • Only download apps from trusted sources, such as reputable app stores and download sites. Remember to look at the developer name, reviews, and star ratings.
  • After clicking on a web link, pay close attention to the address to make sure it matches the website it claimed to be.
  • Download a mobile security tool that scans every app you download for malware and spyware, and can help you locate a lost or stolen device. For extra protection, make sure your security app can also protect from unsafe websites.
  • Be alert for unusual behavior on a phone. This behavior could be a sign that the phone is infected. These behaviors may include unusual text messages, strange charges to the phone bill, and suddenly decreased battery life.

As I stated before, there are a few extra things you can do to stay ahead of the curve with mobile security. As Lookout suggests, only download apps from trusted sources, but also read the permissions. If you notice a battery widget asks for access to your location or contacts, I'd be a little skeptical. Bookmark Lookout's (and other mobile security services) blog to stay up to date on the progression of smartphone-based malware. And lastly, if you do need to keep any personal or private business information on hand at all times, keep it in the cloud. Don't store it on your device until absolutely necessary.

We knew it was only a matter of time before this type of thing became a real issue in the mobile world. Well, it's here and it's only going to get worse with time. The best thing you can do is be aware and cautious of the things you download, especially if you're not sure of the source.

Now it's your turn, PhonePups. What do you do with your Android phone to stay safe? Do you even use a mobile security application at all? Share your security tips below!