X

Protect your Android device from malware

Mobile malware is on the rise and your device could be at risk. These tips could help you stay safe and keep your personal information out of the hands of cybercriminals.

Dan Graziano Associate Editor / How To
Dan Graziano is an associate editor for CNET. His work has appeared on BGR, Fox News, Fox Business, and Yahoo News, among other publications. When he isn't tinkering with the latest gadgets and gizmos, he can be found enjoying the sights and sounds of New York City.
See full bio
Dan Graziano
5 min read

Sarah Tew/CNET

The adoption rate of mobile devices continues to soar, with Android leading the way. The open-source operating system that is led by Google is now found on more than half of all smartphones. In fact, research firm Strategy Analytics found that 81.3 percent, or 204.4 million, of smartphones shipped in the third quarter of 2013 were powered by Android.

This massive user base has caught the attention of cybercriminals, who have begun to double down on their efforts to illegally obtain personal information from Android owners. While most mobile malware is found in countries like Russia and China, users from Europe and the United States aren't completely immune.

Bogdan Botezatu, a senior e-threat analyst for security firm BitDefender, explained in an interview with CNET that malware is more accessible than ever before because "no coding is required to bind Android apps with malicious programs."

The analyst went on to say that "people look at phones more like phones, rather than intelligent computers," adding that most people don't understand that these devices are susceptible to malware similar to the strands found on PCs.

The most common malware regardless of platform is related to short message fraud and personal life invasion. Botezatu noted that "one of most important things that can happen with Android is privacy invasion." Mobile malware can allow cybercriminals to intercept messages, monitor calls, steal personal information, and even listen in with the device's microphone.

Perhaps even more troubling is that cybercriminals are now coming up with more complex ways to attack mobile devices, most of which are not protected. Botezatu pointed me to an alarming statistic from research firm IDC, which revealed that only 5 percent of smartphones and tablets have some sort of antivirus program installed.

While antivirus apps can help secure your device, there are other steps that can be taken to better protect yourself from encountering mobile malware.

Watch this: Keep your Android device safe from malware

Legitimate app stores

When downloading apps it's imperative that you only do so from a legitimate app store; that means from companies like Google, Amazon, Samsung, or another major manufacturer or carrier.

These marketplaces are monitored and scanned for potentially dangerous or fraudulent programs. On occasion, however, malicious apps sometimes slip through the cracks, often disguised as legitimate ones.

A fake BBM app recently appeared in the Google Play store and managed to secure more than 100,000 downloads before being removed. The app itself was nothing more than a spamming service.

Suspicious apps

The fake BBM app is a great example. While anyone who actually read the reviews wouldn't have downloaded it, thousands of users did. One of the best defenses against malware is to notice things like suspicious apps with outrageous promises, bad reviews, and sketchy app permissions.

Pirated apps

I'm not here to lecture you on the ethics of pirating programs (it's illegal), but I am here to warn you about the dangerous that can come from it. As Botezatu said, taking a legitimate Android application package (APK) file and binding it with a malicious program is a relatively simple process.

Downloading apps outside of legitimate app stores can make your device vulnerable to malware. Jason Cipriani/CNET

Most pirated or cracked apps usually contain some form of malware. You could spend a couple of bucks on that game you always wanted, which in the long run will give you hours of entertainment and reward the developer for their hard work, or you can pirate it and put your personal information at risk. The decision shouldn't be hard.

For those of you interested in sideloading apps, make sure to only do so with apps downloaded from a trusted developer's Web site.

Settings

Google includes numerous settings in the Android operating system that can prevent malicious attacks. Devices running Android 2.2 or higher, which essentially means nearly all Android devices, have access to Google's malware scanner. Prior to installing an application you downloaded outside of the Play store, Google will scan the app and warn you of any potential threats.

This feature is enabled by default and can be accessed in the Google Settings app in your device's app drawer. Alternatively, devices running Android 4.2 or higher can access the feature by going to Settings, clicking on Security, and scrolling down to Verify apps.

Google added new security features in Android 4.2. Screenshot by Dan Graziano/CNET

Devices running Android 4.2 or higher are also protected from premium SMS charges. A notification will alert you if an app is attempting to send a text message using a premium service, at which point you can approve or deny the transaction. This feature is built directly into the operating system and does not need to be enabled.

Software updates

While this may not be an option for most users, if there is an update for your device make sure you download and install it. Manufacturers, carriers, and Google are constantly pushing out updates with bug fixes, enhancements, and new features that can make your device more secure.

A system update can fix bugs and patch vulnerabilities in your device. Screenshot by Dan Graziano/CNET

To check for an update on stock Android go to Settings, click on the "About phone" or "About tablet" option, and select System Updates.

Antivirus apps

The Google Play store is also home to hundreds of antivirus apps that can offer an extra layer of protection. Finding the right one, however, can sometimes be difficult. A simple "antivirus" search in the store yields more than 250 results. So which one should you choose?

Companies like Avast, AVG, BitDefender, Kaspersky, Sophos, Symantec (Norton), and TrendMicro have long and established histories as some of the most trusted brands in the industry.

Overall results of Android security apps in the AV-Test endurance test between January and June 2013. AV-Test

Newcomers Lookout and TrustGo have also made a name for themselves as some of the top mobile security providers. Earlier this year, AV-Test, an independent IT security institute that ranks antivirus apps based on protection and usability, rated TrustGo and Lookout as the top two antivirus programs on the Android platform.

Each security provider I mentioned above scored higher than average for protection against malware, with most detecting malicious apps more than 99 percent of the time. Any of these programs would be a safe and smart option for your smartphone or tablet.

Many of these companies also offer additional features for a small monthly fee. These include things like anti-theft protection, safer Web browsing, device tracking, remote wiping, and more. It should be noted, however, that Google's Android Device Manager offers similar functionality for locating a lost or stolen device. The tool can be accessed online or through a free app on the Play store.

As for antivirus programs, whether you opt for the basic or premium features, Botezatu noted that, at least concerning BitDefender, the basic malware protection is the same.

"We are trying to make security available to all users with no distinction," he said, adding that the premium features are just an extra layer of protection.