Antivirus programs are quite familiar to us on our desktops.
As mobile operating systems have grown in
The trouble with apps is that they all run in the same
sandboxed Java environment, which includes
the AV apps as well. Most AV apps lack
the ability to gain low-level system access on mobile that desktop antivirus
would. This currently means that the best way to avoid malware is to understand
how Android apps work.
When an app is installed, the system will always display permissions
requested. See here for an example. You can also find these permissions in the android settings for
installed apps. These permissions are shown on a tab in Google Play) Some antivirus apps such as Zoner can display a list of apps and
the number of permissions granted.
If a simple app asks for permission to send and receive SMS messages; that should
be checked out by the user. Recent malware has been designed in such a way that
by gaining rights to the phone, it can send text messages to premium rate
numbers and also allow other attackers to carry out fraudulent activities. PC World reports that when
first executed, Obad.a prompts users for device administrator privilege.
Applications that gain this privilege can no longer be uninstalled through the
regular apps menu until they are removed from the administrators list on the infected device. Indeed security
researchers at Kaspersky’s lab have come across a Trojan virus, which is so
strong that it might be almost impossible to remove.
The same problem exists for apps that allow phone calling
permissions, potentially allowing them to call premium rate numbers without the
user’s knowledge.
Another permission to check for is access to the contact
list, and Google accounts. If you believe that the App should not be accessing this
data, there is a chance that it is malware designed to collect user data for
spamming or phishing. You might expect to see this permission is in apps that
autocomplete contact names, or handle messaging actions.
The location permission could be used it for location-aware
ads (might be useful), but a more questionable app could pick up a user’s
location, and store it over time to sell that to advertisers.
The best way to stay safe on Android is to just stick to
established apps from the likes of the official Android Market or the Amazon
Appstore. While bad apps do occasionally show up in the Market, Google removes
them swiftly and can also remotely kill the apps on phones.
There has been good evidence that a lot of free Android
antivirus apps just don’t work, and could even cause people to believe they are
protected when they are not. This might mean people taking take more risks with
downloading dodgy software. There is a useful review here.
Perhaps even worse is the latest scam imported from the PC
platform, a form of which was recently identified by Symantec. Android
Fakedefender locks people out of using other applications and can also change
the settings of the OS, making it tricky for people to uninstall the malware.
Juniper networks says that the Mobile Threats Report,
conducted by the Juniper Networks Mobile Threat Center, is one of the largest
first-hand quantitative research studies of its kind. The report is based on
analysis of more than 1.85 million mobile applications and vulnerabilities, up
more than 133 percent from the last report released in February 2012.
Juniper says it's clear that cybercriminals are now rather than trying to crack into every system, are going after the most popular: Android which dominates nearly 60 percent of the smartphone market share. (Apple has slightly more than 19 percent and Microsoft has 18 percent.)
An interesting feature of Zoner mentioned above is the theft protection, which if enabled allows you to remotely control and locate your device via SMS messages. If you have lost it somewhere you can get a location or sound an alarm for people to notice it. (useful if you have left it on silent) If it has been stolen you will be notified when SIM is changed. It might also be used by your partner or others to track your location...
No comments:
Post a Comment