“Smart phones pose different challenges than other devices, but the principles are the same. One important defense is to avoid malicious apps.”
Smart Use of Smart Phones
I don’t need to tell you how ubiquitous smart phones are in our modern world. Unfortunately, we are often far less careful about how we use these mini-computers than we are with our laptops and desktops. There are several things you can do to be more secure when using your smart phone, but with the rise of malware such as MobSTSPY, I thought we would take a minute to talk about how to protect yourself from malicious apps.
We would never open a link or attachment in an email from an unknown sender, right? That would allow unknown files to be downloaded onto our computers, which could do all kinds of damage. Check out our article here on types of malware. Those of us a little older remember downloading “free” (aka pirated) music to our computers, which we paid for in all kinds of viruses. Downloading apps to our phones poses similar security threats. Unfortunately, it isn’t always easy to spot a malicious app.
How Malicious Apps Get Onto Your Phone
The quick and dirty answer is that malicious apps find their way onto your phone because you put them there. The solution, then, is of course to stop downloading malicious apps. In order to do this, we need to know what a malicious app looks like. Here are some red flags to look out for:
🚩 The app didn’t come from the App Store or Google Play
These distributors go to great lengths to filter out the most egregious security threats, though they are not perfect. For example, the aforementioned MobSTSPY used at least six Google Play apps to distribute its malware in 2018 alone, accounting for hundreds of thousands of compromised devices (source). If you have to go to a web page and then download a file to install on your phone, just don’t. Don’t do it.
🚩 The app requires lots of permissions
One way that malicious apps take advantage of users is by stealing data. They do this by asking for “permissions” when installing. These permissions are sometimes innocent. For example, an app might ask for permission to your image files so it can run more quickly and use less data by caching images locally. There is no easy way to tell whether the app is that innocent, however. With access to your files, it can also see everything else saved on your phone and then sell that information to advertisers, or even to political interests. Most high-quality apps, even free ones, come without any permissions. When in doubt, ask, “Does this make sense?” Access to the microphone might make sense for a guitar tuning app, but if a Tetris game is asking, it might be using the microphone to spy on you. That’s scary.
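For readers comfortable with a little Python, here is the “Does this make sense?” question as a small check. It is an example added here, not code from any app or tool mentioned in this article. It assumes the app’s AndroidManifest.xml has already been decoded to plain XML (for instance with a tool such as apktool); the two sample manifests and the EXPECTED baseline are made up for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names that expose personal data or sensors.
SENSITIVE = {
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_EXTERNAL_STORAGE": "files and photos",
}

# Assumption: a hand-written baseline of what each kind of app plausibly needs.
EXPECTED = {"guitar tuner": {"android.permission.RECORD_AUDIO"}, "puzzle game": set()}

# Constructed sample manifests (not taken from any real app).
GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.blocks">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
</manifest>"""
TUNER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tuner">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def unexplained(manifest_xml, category):
    """Sensitive permissions requested that the app's category does not explain."""
    # An unknown category expects nothing, so every sensitive request is flagged.
    allowed = EXPECTED.get(category, set())
    extra = (requested_permissions(manifest_xml) & set(SENSITIVE)) - allowed
    return sorted((name, SENSITIVE[name]) for name in extra)

if __name__ == "__main__":
    for label, xml, category in (("game", GAME, "puzzle game"), ("tuner", TUNER, "guitar tuner")):
        print(label, unexplained(xml, category))
```

The game sample is flagged for the microphone and contacts, while the tuner’s microphone request passes because its category explains it.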
🚩 Something is just “off”
Many malicious apps will pose as legitimate apps. If your new Angry Birds app doesn’t look quite right, uninstall it. It could be a dangerous counterfeit. If you aren’t sure if you are downloading the correct app, check the author. A simple search will tell you that Angry Birds is published by Rovio. Make sure that the author of the app matches what you expect. Another sign that you have found a malicious app is that your phone will all of a sudden slow down. You may also notice that you have started burning through your data plan much quicker than normal. When in doubt, delete the app.
If you know what to look for, you can limit much of the risk, but hackers are always learning and becoming more sophisticated in their attacks. Even savvy users might become victims. One of the best things you can do is to limit your exposure by simply limiting the number of apps on your phone. If you don’t use an app, delete it. If it isn’t one of your favorite games, think about whether it is really worth the risk. Stick to well-known apps, even if it means missing out on being the one to discover “the next big thing”. When in doubt, delete the app.
Another important step is to keep your Google Play app updated. I know it is annoying and it seems that the updates get bigger every time, eating up your phone’s storage. Still, it is important. Updates are how the distributor keeps you safe from the newest attacks.
Finally, be mindful about how you use your phone. Malicious apps can’t steal information that isn’t on your phone. Turn off services such as GPS when you don’t need them. Keep photos (especially sensitive ones) on a secure drive, not on your phone. Delete sensitive texts as soon as you can. Leave the phone at home once in a while. In general, just be aware of what personal information you allow your phone to access. In the end, being a smart smartphone user goes a long way.