In today's fast paced world it becomes increasingly difficult to manage life without a smartphone. But allowing yourself to depend on a device can really come back to bite you if you're not security savvy. Today we'll take a look at the current state of Android security and ways that you can ensure that our favorite tool cannot be used against you.
Google has received some flack from many over the sheer openness of their Google Play app market. Currently their policy is to allow anyone to post software on their service for a one-time developer registration fee of $25. By contrast, getting a piece of software onto the Apple App Store can cost several thousand dollars.
Why the huge difference? Each app that enters the Apple store gets rigorously tested by a team of professionals. Those professionals cost money, so Apple charges for that service. Developers are not going to foot the bill for this, after all, they're trying to make money, so the end result is that most apps on the Apple store cost money in some form or fashion. By setting the barrier to entry so very low, Google ensured that their platform would have more free/low-cost software than IOS. The drawback is that because their is no oversight, malicious programs get put onto the Android market from time to time. Instead of relying on a paid team to weed out the bad apps, Google relies on its users to report apps that behave suspiciously or cause unwanted charges. Once reported, it gets taken down from Google Play.
So that's the first thing to be clear on: if you believe you've been ripped off by an app, report it! Its unfortunate that Google's method almost requires that someone gets victimized before the problem is removed, but these are the trade-offs when you build a system designed around the concept of openness. And while Google is attempting to create an automated app scanning system to cleanse the market of the bad eggs, it hasn't got it exactly right yet, and some still manage to slip through.
Advanced iPhone users aren't completely in the clear either. While Apple manages to keep their App Store nice and clean, users who jailbreak their iPhones and use 3rd-party app stores are just as susceptible to malware.
The best defense against malicious code is to understand just what kind of things that the bad guys might be looking for... While its true that a dishonest developer could easily cause a bunch of fake in-app purchases and attempt to gouge you for some money, something like this would get reported rather quickly, and the charges would be reversed and the developer account closed. It would end up costing them money in the long run.
Phone scams are more likely then to take the form of fishing scams and/or identity theft. In some instances, scams have been set up where an app causes your phone to send out spam SMS messages, attempting to use your reputation to ensnare your friends. So if one of your friends suddenly asks you why you sent them that weird text, look into it. It could be your phone that is doing it.
The best way to spot malware before it ever gets on your device is to pay attention to the permissions that are requested when you go to install something. If an app asks for permissions that it doesn't need, that is the point at which you begin to get suspicious. But also understand that some things that sound scary really aren't. A lot of apps have a permission for accessing the phone state, for instance. This is a common one, and it is usually harmless. The reason this is used by developers is that it allows them to automatically pause their app whenever you receive a phone call. There are many different permissions that an app can have, so if you don't understand one, the best thing to do is to email the developer and ask why they need that permission. You can always find the developer's contact info on the same Google Play page where you downloaded their app. When in doubt, wait for a response before installing.
Next time we'll go over some security apps that will make all of this seem much much easier. Until then, stay safe!