Security becoming a must on smartphones (Inside Apps)
Malicious software is an increasing threat to smartphones. CNET's Roger Cheng offers advice on how to protect yourself.
When writing a weekly column about the apps business, it's easy to get caught up in the new opportunities, capabilities, and trends emerging in this burgeoning area. It's equally easy to forget they come with new threats.
These threats, which include rogue apps that can swipe your personal data or steal passwords for your bank accounts, are real and growing.
A recent study conducted by security software provider McAfee found that that amount of malicious software, also known as malware, targeting Android had since the previous quarter, a remarkable rise in just three months. At the same time, Android had surpassed Symbian as the most attacked mobile platform.
"We believe the emerging mobile malware is just the beginning of the threats," said Lianna Caetano, director of mobility product marketing for McAfee.
It used to be the biggest concern was losing your phone and having someone access your personal data. But malware has since surpassed it as the more worrisome issue, Caetano said. The apps can come disguised as a game or news program and work in the background of your phone.
One example of malware called "spyeye" actually collects text messages that are sent by banks to verify a person's identity. By intercepting the messages, the program can obtain a person's user name, password, and the verifying code from the text message. Another, called "GoldDream.A," logs incoming SMS messages and outgoing calls and sends them to an outside server. The first major Trojan was identified as DrdDream, which steals information, but was removed from the Android Marketplace.
Fortunately, the wireless industry is mobilizing to offer better protection. Last month,, a bundle of software that can track a stolen or lost phone, back up personal data or remotely wipe it from the device, and offer protection against rogue apps and unsafe Web links on the Internet. The software, which costs $29.99 for a one-year subscription, is featured in the Sprint Zone, the carrier's showcase for recommended apps.
AT&T is also looking to push more security into its smartphones. Last month,and its S-Mobile Systems unit to offer protection against threats to large companies. The two also plan to introduce a consumer version later this year.
"We anticipate as threats get more sophisticated, the demand for these products will just increase," Caetano said.
Lookout Mobile Security, a free--although limited--application that can block malware and other threats, is another option any Android user can download for some decent protection. Sprint previously partnered up with Lookout to promote the app on Sprint Zone in June.
Unfortunately, most consumers don't have any form of protection on their smartphones. More than 80 percent of people surveyed by NPD Group in a recent study said they didn't have any security applications loaded on their handset. It's more of an issue of confusion over their options rather than ignorance of the threats.
"While smartphone owners are worried about security threats, they are also thoroughly confused about what to do about them," said Stephen Baker, an analyst at NPD.
Perhaps the easiest way to guard against attack is to adopt a different mindset about security on the mobile phone. Just as we feel vulnerable when our PCs don't have security software loaded, we should apply the same level of concern to our smartphones.
When downloading an app, pay closer attention to what permissions it asks for. A chess game probably doesn't need access to your contact list, yet people will blindly approve the permissions and go straight to downloading and installing the app.
Also, look at where you are downloading the app. Is it from a reputable source? The Android Marketplace may have its share of malware, but it's much safer than going to random Web sites or unknown markets. If you're curious about an app, read the customer reviews. Try to read more than a few, since some of them could be placed by the author.
"Users just need to practice some common sense," Caetano said.