Landlines have spoiled us. For most of the (relatively short) history of telephones, they were nothing more than simple appliances: calling friends and family was as easy as plugging the phone into the wall and dialing a few numbers. No muss, no fuss, no additional upkeep required aside from paying your bill on time. That kind of thinking can get you in trouble with smartphones, however, which are more like mini-computers than phones, and face many of the same problems PCs do - including malware and virus infection. And smartphone malware can cost you big bucks, as malicious apps can automatically call or text premium numbers that add hefty charges to your mobile bill.
Experts agree that Android smartphones are the most vulnerable. Juniper's Global Threat Center reports that Android is far and away the mobile platform that is targeted most by malware - and the number of malicious apps is growing by leaps and bounds, with a 472 percent increase in detected malware between July and November of this year. Juniper lays the blame on the open nature of the Android Market, which allows developers to publish apps with no quality control reviews whatsoever. By contrast, the "walled garden" approach taken by Apple and RIM (BlackBerry) means that virtually no malware sneaks into their heavily curated app stores. Based on this report from Juniper, a columnist at IT World predicts that 2012 will be "the year of mobile malware."
Furthermore, researchers at North Carolina State University discovered that even pre-loaded apps can put Android users in danger. "Some of these pre-loaded applications . . . are designed to make the smartphones more user-friendly, such as features that notify you of missed calls or text messages," says Dr. Xuxian Jiang, an assistant professor of computer science at NC State. "The problem is that these pre-loaded apps are built on top of the existing Android architecture in such a way as to create potential 'backdoors' that can be used to give third-parties direct access to personal information or other phone features." Their study revealed that the HTC EVO 4G is the most vulnerable, along with the HTC Legend, HTC Wildfire S, Motorola Droid X and Samsung Epic 4G. (The original Motorola Droid is actually the least vulnerable, according to their tests.)
Here's how to avoid being bitten by a virtual bug:
Download apps from official sources only. While Android users are the most vulnerable, it's not necessary to drop the platform altogether. When malware does sneak into the Android Market, Google is usually very quick at removing it. (They've also pushed out updates designed specifically to kill rogue software in the past.) A lot of the malicious apps out there are found on third-party forums and websites; stick to downloading directly from the Android Market or Amazon's curated App Store to minimize the odds of infection.
Do your homework: Read user reviews. A brief perusal of an app's feedback can pay dividends, as users who detect malicious apps often raise the red flag for others. It only takes a few seconds and can save hours of frustration in the long run. Run a quick Google search on the app's publisher, too - malware-pushers often have poor reputations on the Internet. (By that same token, if you do download a malicious app - leave feedback to warn others and report the publisher to Google.)
Read the requested permissions carefully. Before Android installs an app, it informs you what permissions the app requires, such as preventing the phone from going into sleep mode. If a simple app is asking for serious, privacy-invading permissions -- such as the ability to scan your contact list or send and receive SMS (text) messages or phone calls -- you probably want to deny it and run away screaming.
Install an antivirus app. Just don't expect it to work wonders. AVTest, an independent IT security firm based in Germany, tested a bunch of Android antivirus apps [PDF] and found that overall, the results were pretty dismal. The premium Kaspersky Mobile Security app ($10) performed best, stopping all new malware threats from installing on the test phone, but only detecting around half of the threats that were preloaded on the phone. Free apps fared even worse: most detected 10 percent of threats at best, with several detecting none of the malicious apps whatsoever. The one exception was the Zoner AntiVirus Free app, which sniffed out roughly a third of pre-installed malware and stopped 80 percent of new threats at the door.
Our suggestion: install Kaspersky or Zoner, but consider them more of a questionable last line of defense rather than an impenetrable barrier. CNET and PC World both suggest using the free Lookout Mobile Security app. While neither conducts a formal test of its effectiveness, Android users love it: Lookout has a very solid 4.6 (out of 5) star rating with over 250,000 users providing feedback on the app.
There's no sure-fire way to avoid malicious apps for your phone, but if you use these tips, your odds of infection should be drastically reduced.