The global cyberattack of this past weekend has infected thousands of users’ machines with so-called ransomware. It involves a process by which the attacker infects data stored on the device and encrypts it, blocking access until a monetary ransom is paid to recover it. Though this kind of malware has so far only appeared on desktop computers, the Android platform is still susceptible to infection by ever more common attacks.
On a smartphone the main method of malware transmission is through downloads of fraudulent apps without user consent or by tricking users through some form of identity theft, usually through IM apps like WhatsApp or Skype. Hence it is essential to have tools to analyze documents before you install them as well as give reports on the apps you use on your smartphone. Here we offer a few tips on how to protect your device from malicious software.
Analyze your apps with Virustotal
The Virustotal service, owned by Google, lets you analyze any app through more than 50 antivirus programs and get a detailed report of the results. Besides its web versions, there’s a completely free app that, once you install it on your smartphone, will analyze all your installed apps and advise you of the ones deemed suspicious. Likewise, you can send files and even analyze URLs. That said, we should note that this app does not offer real-time protection so it should be used in conjunction with good sense and other apps that do provide some sort of firewall.
Download only from reliable sources
Check the permissions used by each app
Another field to keep in mind when checking how reliable an app is is which permissions are required for its proper functioning. It doesn’t make much sense, for example, for a text editor to have access to your contacts, or for a supposed puzzle game to make use of your camera. While the most modern versions of the Android operating system notify you with a popup if a “sensitive” permission is required, users of older devices will need an external tool to check that everything is on the up and up. Exodus Privacy lets you review your installed apps and check if they’re using permissions that a priori they shouldn’t be, thereby detecting whether you’re using a fraudulent version of the software in question.
Phishing on IM apps
We’ve noted above that infection through malicious apps is the main cause of security problems. So where do they come from? Mainly links received over WhatsApp and other chat services where virality and immediacy work in favor of malware. Lots of scams are floating around on WhatsApp, with their main weapon being phishing strategies to trick unsuspecting users. In other words, luring people onto sites that try to pass as official services offering enticing promos, whether it’s skins for WhatsApp or discounts for Tesco. Plus these sites try to get users to share the malicious URLs to their contacts, and in most cases the person who’s sent you the link doesn’t even realize she’s done so.
Use good sense
No marketplace, not even Google Play, is free of fraudulent apps, and antiviruses alone are pretty useless on Android. In the end, the main firewall against infection is you and your ability to discern how reliable the pages you visit and apps you download are. Be cautious, check apps against reliable sources of information, and if in doubt NEVER click a link or an Accept button.