In 2018, over 10 million new malicious programs were detected each month. One of the most massive attacks was by Asacub. It targeted mobile users and was successful in infiltrating more than 250,000 unique victims.
The rapidly increasing number of threats attacking mobile devices is quite alarming. More so as mobile users are mostly unaware that their phones are vulnerable to these attacks. While the Android system itself cannot get viruses, rogue applications can disguise itself as legitimate apps. They can remain in your devices collecting personal information or worse setting up a ransomware attack.
Is Google Play Safe Enough?
Google Play employs its own anti-malware mechanism which filters questionable applications out of the app marketplace. Google Play Protect adds a layer of security to ensure that only legitimate applications can get through.
But, is Play Protect completely secure?
The answer is probably not. According to the AV-TEST Product Review Report in January 2018, Play Protect can only detect the latest Android malware in real-time at 62.9% success rate. This is quite low than the security industry standard that is 97.8% successful real-time detection.
So, here are a couple of things that you can do to avoid malware attacks on your Android device.
Stay Away From Third-Party App Stores
The success of the Google Play Store and Apple App Store gave way to a slew of copy cats all over the Internet. Many of these third-party app stores offer free applications which are otherwise paid in legitimate marketplaces. Others offer big discounts as well.
With these great options, who wouldn’t want to download applications from these sources?
Your Android phone often limits the installation of third-party applications for security purposes. Bypassing this security layer opens your device to potential attacks.
An example was the Marcher trojan in 2017. It disguised itself as an Android version of Super Mario Run. The malware collected login information from all apps in the victims’ including banking applications.
Unless you completely trust the source, do not install applications from third-party applications or APK files directly from the Internet.
Spot Fake Apps and Potential Trojans
While hackers can be quite clever, fake applications are easy to spot. Here are a few things to check out:
- Take note of any typos, grammatical errors, and other mistakes in the app title and description. Legitimate developers know that one of their best marketing tools is the description. Real applications will provide high-quality details and screenshots.
- Check if there are regular updates on the application. Developers often spend time improving their application, fixing bugs, and changing the layout throughout the lifetime of the app. Updates roll out about once every 20-25 days for free apps and every 50-55 days for paid apps.
- Legitimate apps usually have well-thought-out reviews whether it is positive or negative. It is rare for well-established applications to have perfect five stars on Google Play especially if it has high download rate. The review section is also where you can verify if the app is legitimate or a malware-carrier.
- Check the download statistics. A “popular” application with almost no downloads will most likely be a fake one. Poor download stats can also mean that users ignore the app intentionally which means you should too.
The details discussed above are typically in the app page on Google Play. Scroll down at the bottom to see additional information about the application.
Check App Permissions
App permissions outline the functions in your phone that an app can access. Applications need various parts of your Android system to function properly. It includes accessing data on your mobile device such as media files or contacts. Other applications may need access to the camera or the microphone.
To check an app’s Permission details, scroll down to the developer section on Google Play.
If you already have the application on your phone, Go to Settings -> Apps
From the list of your applications, choose the app that you want to examine. Scroll down to the App info page to see what functions the app has access to.
Be wary of suspicious permission requests which are not related to the app’s functions. For example, it is perfectly logical for Skype to have access to your contacts, camera, and microphone. On the other hand, a game app should not request permission to access your log data.
Protecting yourself from Android malware attacks begin even before installing applications on your phone. As they say, “Prevention is better than cure.” Always be conscious of software that you are going to install on your phone as the device houses many of your personal and sensitive information.
Add a layer of protection by making sure that you are protected by an anti-malware application such as MalwareFox for Android. Rogue apps can sometimes fool the most vigilant user, so having robust real-time protection is necessary for anyone who frequently uses their mobile devices.