Android is now the most popular operating system in the world for mobile devices with well over a billion devices running it. And smart phones are not just phones, they carry so much personal information they’re like digital vaults that need protecting. We provide an insight into the threats currently targeting Android devices and ten top tips on how to safeguard your mobile digital life.
In September last year, Sundar Pichai, Google’s head of Android development announced that Android activations had passed one billion. In plain English this means there are one billion mobile devices out there running the Android operating system. This seriously large figure places Android number one in the world in terms mobile devices well ahead of Apple’s IoS, Symbian, Windows Phone, the BlackBerry OS and others.
Interestingly, the Symbian operating system headed the field until 2010 when it was overtaken by Android. Symbian was Nokia’s baby but in the tumultuous and lightening paced world of mobile device development Nokia paid the price for being unable to keep up, and its mobile phone arm was swallowed up by Microsoft about the same time that Android hit top popularity ranking.
On the surface these ‘industry’ developments are understandably of only marginal interest to your average smart phone or mobile device user. But given that virus writers and hackers generally gravitate towards the targets that offer the largest returns for the least effort, it means that Android-based mobile devices are going to become something of a potential El Dorado for digital miscreants.
There’s a simple logic to this. There’s a Himalayan mountain range of evidence that shows hackers hack those systems that are popular and they have done since the dawn of the mass computing age. Even the figures for malware developed for Android bear this out.
Android malware – the state of play
Back at the beginning of 2012 Android-specific malware was counted in the single thousands, according to some industry sources. In October 2013 nearly 75,000 instances of Android malware had been detected illustrating a significant growth rate. The figures vary according to who you speak to and it’s important to note that detection also means instances of the same types of malware. So theoretically, one example of malware might infect thousands of devices bumping the figures up quite a lot.
Furthermore, it’s also important to point out that much of the Android malware has to date been found on small unregulated third party app stores mainly based in the Middle East and Asia. Fake or repacked games were the big target for hackers and the penetration rate averaged out at around 7 percent of all apps on the store. You probably even won’t have heard of many of these third party stores such as Mumayi, AnZhi, Baidu, eoeMarket and liquen.
This is good news for Android mobile device users because it means that the feared avalanche of Android malware has not yet materialised, though it’s clearly out there and growing. This is also born out following a conversation with an industry analyst who recently told this blog that mobile phone companies were quietly relieved because the fear that Android devices would be swamped by malware hasn’t happened.
But that doesn’t mean it isn’t happening. There has been some pretty clever malware developed that targets Android vulnerabilities. These range from making changes to an Android apps code to gaining administrator privileges, to SMS monitoring designed to steal mobile authentication numbers used in online banking systems. Many of these attempted hacks are originating in the Far East and Russia and they also target Chinese and Russian users.
The SMS monitoring malware Trojan appears to be part of a wider strategy that is focused on desktop PC online banking. The mobile authentication numbers it attempts to steal are one component of a multi-layered security system for some online banking systems.
Good news… and bad news
In summary, this is generally good news for many Android users because their devices are not yet the subject of mass attacks. But that said, the tide does appear to be turning. One of the most notable Recent Android exploits and one that signals a major attempt by the cyber underground to move from the desktop to mobile devices was the relatively recent discovery of a ransomware app called Android Defender.
It was available in the Play Store and masqueraded as an antivirus tool. However, it was anything but an antivirus tool. It was a piece of ransomware designed to lock a user’s mobile device. It aimed to make user’s think their device was infected with viruses and to have these removed, a user had to pay $100 over a one year period. Luckily it was estimated that only 50 devices were infected before the malware was discovered.
However, there’s no reason to be complacent. Many security experts compare the present situation with mobile devices to that of desktop PCs when viruses started appearing. At first it was a slow trickle, today it’s a global underground industry worth billions and billions of dollars to cyber crooks.
Here are BullGuard’s Top 10tips to keep your mobile device safe
To protect your mobile device we’ve put together some tips that will keep you safe:
1: The most obvious thing to do is to lock your device with a password and install an app that monitors your device if it’s not in your possession. Make sure the password or passcode is unique and one that only you know and difficult for someone to guess.
2: Get some antitheft protection. This provides you with the ability to remotely wipe the data on your device if you decide your phone is irretrievable. Some antitheft apps include location tracking and a remote alarm to help find your device if lost.
3: SMS blocking is also a useful app tool. It allows you to block your device from sending unwanted calls or messages. It’s particularly useful for parents who want to prevent their children’s devices inadvertently incurring unnecessary charges.
4: Backup your data regularly. Set up your phone so that it backs up your data when you sync it, or use a back up service.
5: Android devices usually block by default apps that do not come from the Play Store. This is useful to keep out apps that might be infected with malware. You can check your device by going to ‘settings’, ‘applications’ and ‘unknown sources’. If the box is checked it means non Play Store apps can be downloaded. To stop this simply click in the box so the check mark is removed.
6: When you’re downloading an app read the apps list of requested permissions. This can be a tricky one because these permissions are sometimes excessively long and loaded with jargon. But many apps sometimes raise security and privacy concerns with requests that seem excessive. Some apps, for example, might request to send SMS messages, which are completely unrelated to the apps function. In fact, some apps are designed to scoop up your personal information or even track your movements for marketing purposes.
7: Install antivirus software. This will scan apps that you download and should an apps ‘silent’ behaviour raise concerns such as plundering your personal information and sending it elsewhere it will flag this up.
8: Also use web browsing protection that flags up and blocks malicious websites. This will keep you safe from stumbling on websites that are designed to trick users into downloading malware.
9: Check your phone bill for unusual data charges or premium rate calls. Contact your service provider immediately if you discover any unusual calls or data usage on your bill.
10: Check for updates to your phone’s operating system regularly. Install them as soon as they are available.
Check out BullGuard Mobile Security. This soon to launch updated app includes a wide range of functionality that provides rigorous protection against all mobile threats. It includes comprehensive antivirus protection, that doesn’t drain your mobile’s battery, SMS blocking, antitheft, remote alarms and even SIM protection so if your phone is lost or stolen you can remotely lock its down and even wipe data. It’s also provides parental controls and automated backup and includes pretty much everything you need to safeguard your Android mobile devices.
Watch this space – in future blogs we’re going to be drilling down into specific threats that target mobile devices.