Android Devices Exposed: 7 Ways to Thwart Hackers

Take a deep breath. There's a new report out highlighting a huge spike in threats against Google's Android platform. Yes, it's something to be concerned about. But don't freak out or return your cool new Samsung Galaxy Tab.

Mobile threats are rising, but actual attacks against smartphones and tablets are still a tiny fraction of the number of new threats that target your PC, and to a lesser extent, your Mac. And remember the law of big and little numbers. When a number is small, it doesn't take a huge addition to pack a big percentage change.

The news here is this: Malware targeting the Android platform jumped 76 percent in the second quarter of the year, making it the most popular target for makers of malware that attacks mobile devices, according to researchers at McAfee, the anti-virus and computer security company now owned by Intel.

The reasons for the spike aren't hard to discern. Hackers like to attack popular platforms, and Android phones are now outselling Apple's iPhones. In order of popularity with hackers, Android is followed by the fading Symbian operating system and Java ME. If you're alert, you'll notice that iOS is not in the top three; in fact it's not on McAfee's list at all.

To explain why, let's take a look at a report issued by Symantec, McAfee's major rival in the personal security business. In June, Symantec said:

iOS's security model offers strong protection against traditional malware, primarily due to Apple's rigorous app certification process and their developer certification process, which vets the identity of each software author and weeds out attackers.

Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection. This lack of certification has arguably led to today's increasing volume of Android-specific malware.

Those points are essentially the same as what the McAfee researchers have to say about Android vs. Apple mobile device security.

How to Be Safe

Just because you're statistically unlikely to be killed by a lightning strike, that doesn't mean playing golf in a thunderstorm is a good idea. Similarly, don't take my calming words as license to pay no attention to security for your Android device. Malware is out there, and it targets personal information that you really don't want some bad guy to get his hands on.

Here are seven things you can do to thwart the hackers.

Use a security app designed for Android: Lookout Mobile Security is getting the best reviews I've seen. It's a free app (though there's also a beefier premium version) that does a number of things, including scanning downloads for viruses. It also works as a phone tracker in case your Android is lost or stolen: Lookout has a Web site that will track the phone's location and lets you wipe your data remotely, lock the phone or set off an unpleasant alarm. Finally, there's a Web site associated with the app that you can use for backup.

Always check app permissions: Whenever you download or update an app, you are given a list of permissions for that app. If an app is asking for things it shouldn't need, get rid of it.

Don't install Android Package files: As our colleagues at PCWorld explained: "When Angry Birds first came to Android, you could only get it through a third party. This is called 'sideloading', or installing apps using an .APK file. While Angry Birds wasn't malware, it is highly advisable not to download and install .APK files that you randomly come across. Most of the time you won't know what the file contains until you install it. By then it's too late."

Bank with authorized apps only: Online banking and bill pay are a great convenience, but to be safe, only use apps supplied by your bank.

Only download popular apps: I know this sounds pretty stodgy. But there's a reason for it. Apps that have been downloaded a lot aren't likely to be poisoned. For that matter, they're likely to actually be worth downloading, if you believe in the wisdom of crowds, that is.

Download from reputable publishers: If you're uncertain about an app, do a quick search under the publisher's name. If you find a number of apps with good reviews and lots of downloads, chances are you're dealing with a reputable outfit.

Keep an eye on your wireless bill: Some rogue apps do things like make expensive calls to foreign numbers in order to fatten the bank account of various intermediary sites at your expense. Often the calls happen in the background or at times when you don't realize your phone is doing something.
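The permission check and the wireless-bill tip above can be combined into one audit. The following is an added example, not part of the original article: it parses output in the format of `aapt dump permissions <file>.apk` and flags sensitive permissions that an app of a given kind should not need. The package name, the sample dump and the per-category baseline in `EXPECTED` are constructed assumptions.

```python
import re

# Real Android permission names, with the reason each deserves a second look.
SENSITIVE = {
    "android.permission.SEND_SMS": "can send texts, including to premium numbers",
    "android.permission.CALL_PHONE": "can place calls without the dialer prompt",
    "android.permission.READ_SMS": "can read your text messages",
    "android.permission.READ_CONTACTS": "can read your address book",
    "android.permission.ACCESS_FINE_LOCATION": "can read your precise location",
    "android.permission.RECORD_AUDIO": "can record from the microphone",
}

# Assumption: an illustrative baseline of what each kind of app plausibly needs.
EXPECTED = {
    "game": {"android.permission.INTERNET", "android.permission.VIBRATE"},
    "messaging": {"android.permission.INTERNET", "android.permission.SEND_SMS",
                  "android.permission.READ_SMS", "android.permission.READ_CONTACTS"},
}

# Accept both the older bare form and the newer name='...' form of aapt output.
PKG_RE = re.compile(r"^package:\s*(?:name=)?'?([A-Za-z0-9_.]+)'?")
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([A-Za-z0-9_.]+)'?")

def parse_permissions(dump_text):
    """Return (package, [permissions]) from aapt-style permission output."""
    package, perms = None, []
    for line in dump_text.splitlines():
        line = line.strip()
        if (m := PKG_RE.match(line)):
            package = m.group(1)
        elif (m := PERM_RE.match(line)) and m.group(1) not in perms:
            perms.append(m.group(1))
    return package, perms

def audit(dump_text, category):
    """Return (package, [(permission, reason)]) for sensitive, unexpected requests."""
    package, perms = parse_permissions(dump_text)
    expected = EXPECTED.get(category, set())
    return package, [(p, SENSITIVE[p]) for p in perms
                     if p in SENSITIVE and p not in expected]

# Constructed sample: a "game" that also asks to send SMS and read contacts.
SAMPLE_DUMP = """\
package: com.example.birdgame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: android.permission.VIBRATE
"""

if __name__ == "__main__":
    pkg, findings = audit(SAMPLE_DUMP, "game")
    for perm, reason in findings:
        print(f"{pkg}: {perm} ({reason})")
```

The same dump audited as a "messaging" app produces no findings, which is the point of the tip: a permission is suspicious only relative to what the app claims to do.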
