Five Tips to Keep Your Android Phone Secure

Friday, March 04, 2011



The ongoing assumption has been that applications offered in the marketplace have been vetted for security, but McAfee's George Kurtz recently demonstrated at the RSA Conference how vulnerable or infected mobile applications can be been approved for distribution.

McAfee created an application similar to the popular "flashlight" offering. Kurtz described how the team was able to produce an "approvable" application that could be manipulated after the fact to and enable remote functionality via a command and control server.

Almost on cue, the number of malware infected applications discovered in the Android Market has grown to over 50 this week, punctuating Kurtz's recent keynote address.

In light of the rash of infected applications, InfoWorld has published five quick tips to protect your Android from malware:

“If you download something from an app store are you assuming it is OK? When do Apple [or Google] have time to go over three million apps with a fine tooth comb?" Kurtz said.

1. Always research the publisher of the app. What other apps are they offering? Do any of them look a bit shady? If so, you should probably stay away.

2. Read online reviews. Android Market reviews may not always be truthful. Check around to see what reputable websites are saying about the app before you hit that download button.

3. Always check app permissions. Whenever you download or update an app, you are given a list of permissions for that app. That alarm clock app you are looking at probably shouldn't need to be looking through your contacts. The general rule of thumb is if an app is asking for more than it does, you should probably skip it.

4. Avoid directly installing Android Package files (APKs). When Angry Birds first came to Android, you could only get it through a third party. This is called "sideloading" or, installing apps using an .APK file. While Angry Birds wasn't malware, it is highly advisable not to download and install .APK files that you randomly come across. Most of the time you won't know what the file contains until you install it. By then it's too late.

5. Get a malware and antivirus scanner on your phone. While many still think that antivirus scanners on phones are useless, maybe outbreaks like these will change minds. Several different big name security companies already offer mobile security options, many of them free. I myself had downloaded "Spider Man," which is on a bad list. My Lookout software identified it as a Trojan.

The InforWorld article also has several lists of applications that have been identified as being infected with malware, as well as some more security guidance from Lookout Mobile Security.

Check the lists and compare to the applications on your Android phone, and use caution when downloading applications, even from the marketplace.

Possibly Related Articles:
PDAs/Smart Phones
malware Mobile Devices Smart Phone Headlines Android Security applications Application Market
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.