Most internet users are aware of the importance of installing and maintaining security software to combat the ever-growing threat of malicious code, but this awareness has been far slower to migrate to mobile devices. Smartphone users are at particular risk when it comes to handhelds, and what many don’t consider is that these increasingly versatile pocket-sized devices, originally intended to simply make calls on the move, have now effectively become miniature computers.
As such they are subject to similar risks, and recent reports surrounding threats to Android devices should be a shot in the arm for both the mobile security industry and users looking to keep sensitive data from prying eyes. The increasing popularity of this open-source OS is underlined with the news that it outranks Apple in the number of searches by IT professionals for information and support over the last 12 months, according to SkillSoft’s Books24x7 ITPro collection.
And there’s a good reason for this, as the potential advantages illustrate. But alongside the flexible nature and wide range of development opportunities that Android users can benefit from comes the “dark side” of the internet, in the propensity for malicious software to work its way onto a device.
Just this month, over 50 applications were removed from the Android Market following concern that they could contain malware. This was confirmed by sources and the malicious code was deemed to be capable of sending sensitive information from a mobile to a remote server, as well as invoking further security vulnerabilities to promote the possibility of further attack. Contributors from respected web blog Android Police have called it “the ultimate Android Trojan to date”, widening concern surrounding the inherent risks of using this system.
What is Google doing?
Unlike Apple’s Appstore, not all Android applications are checked and monitored for potential security risks and as such must be treated with the same prejudice as unknown files and applications downloaded to a regular computer. Unfortunately this means that Google’s attempts to combat threats are often reactive rather than proactive, which places additional responsibility on the user.
Since the attack Google has remotely removed the offending code from compatible devices. In an effort to play down the threat, Android security lead Rich Cannings confirmed "For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).But given the nature of the exploits, the attacker(s) could access other data, which is why we've taken a number of steps to protect those who downloaded a malicious application.”
In addition, a security update should prevent phones from succumbing to similar issues, for now. But as we’ve seen with desktop computers, the changing face of viruses is such that a single security hole being filled is rarely enough to combat the problem entirely.
What can you do?
Just as with desktop and notebook computers, the ultimate responsibility for safeguarding personal information falls to the user. A combination of awareness and the use of effective security software is the only sure-fire way to reduce the chance of being at risk, and is something that is gaining increased focus following recent reports. However, unlike threats that are intended for other platforms, those imposed on the mobile market do differ in that the trading of sensitive information is being targeted ahead of malicious damage.
Philip Dall, mobile security expert with internet security company Bullguard, explains "Spyware on a mobile phone doesn’t behave like a virus on a desktop computer. Spyware is designed not to disturb or destroy anything as its mission is to secretly obtain and transmit information without being detected. The information is then traded on a ‘black stock exchange’ where the going rate for credit card information is good, and subject to the same rules of supply and demand as on the legitimate markets",
So how can Android users combat these attacks and ensure that their personal data is kept safe? There are two things to bear in mind, continues Dall "First and foremost, you should think twice before you download applications by finding out who uploaded it, check which rights and actions the app wishes to make use of, and consider whether this sounds right or not. Secondly, you should install security software on your phone."
The latter is perhaps a more important consideration, since if the open-source benefits of the Android system were to be overwhelmed by these concerns it would be seriously detrimental to the advantages of the platform. Dall cites BullGuard’s own “Mobile Security 10” suite as a one-stop solution that combines Antivirus, Antispyware, Antitheft, Parental Control, Firewall, Spamfilter, Basic Backup and support. Compatible with Android, as well as Symbian, Windows and Blackberry phones, it offers significant peace of mind in the same way as a security suite would on a PC.
A security suite is rapidly becoming one of the most essential additions to “must-have” software on these portables, and users would do well to consider an investment in such an application, as well as remaining vigilant in their activities when downloading and using the applications and games available to their device.