If you follow tech news, you’re likely aware that Google has been struggling to block and remove malicious apps from their Play Store. As the primary method of installing apps on Android devices, the Play Store is a perfect way for swindlers to spread apps that track users’ activity, steal data, ransom devices, or make devices unusable.
The problem of malicious apps is widespread; just this month it was revealed that 40 million Play Store users had downloaded a keyboard app called ai.type that operated in the background of users’ devices to make unauthorized purchases, leaving users with an $18 million bill. This news comes on the heels of antivirus company ESET’s revelation that a year-long study they conducted saw 8 million installs of adware delivered through 42 apps during 2018. As ESET explains, many of these apps mimic other well-known apps like those created by Facebook and Google, even using very similar logos and names, which makes it difficult for users to distinguish trusted apps from those that are unsafe.
This alarming news raises important questions for Android users: Do I need virus protection for Android devices I use? And is Android virus protection software enough to keep my devices safe?
Why Virus Protection For Android Doesn’t Work
Android devices are often criticized for being vulnerable to security threats, and many news articles inaccurately push Android antivirus software as a fix. But antivirus software is ineffective because Android security is different than PC security. For one thing, Android devices don’t pick up malware in the same way that a PC does. Anything that gets installed on an Android device requires some action from the user, so unlike your home computer that can be infected simply by visiting a risky website, your phone or tablet requires you to allow, enable, or download infected code. This means that your phone is very unlikely to download a virus, which makes most Android virus protection software essentially useless. Instead, it is more likely to pick up other kinds of malware that antivirus software doesn’t protect against, such as programs that track users and sell data about them, steal passwords, or make unauthorized purchases.
So how does a phone become infected? The most common infections occur when a user installs an app on their device that secretly contains malicious code, known as malware. The malware functions in the background without the user even being aware that it’s there. These kinds of apps can make it into the Play Store because the malware in them is often not activated until the app has gone through testing and been approved by Google, and users download them because they are disguised as benign games or apps.
How To Guard Against Malware
Since many malware attacks are Trojan horses that Android antivirus software won’t detect, you may feel defending against them is a lost cause. But that’s definitely NOT the case. There are many things you can do to secure your Android devices against this kind of compromised app.
Enable Built-in Android Protections
Android devices actually include many built-in protections that can be highly effective. Usually, these features are automatically enabled, but if you like to play with your phone’s settings or root your phone, it’s worth checking that these features are still activated.
My favorite of these is the App Permissions feature. Located in Settings under the App and Notification menu, this feature allows users to control what information or programs apps are allowed to access on a phone. For example, users can choose whether to allow an app to access their device’s camera, contacts, text messages, and so forth. One red flag that an app may contain malware is if it asks for permissions for features of your phone that the app shouldn’t be using, such as a game that asks for access to your phone’s microphone even though it does not use the microphone for gameplay.
Another important feature is Google Play Protect. Introduced in 2017, this software automatically scans apps when they are installed on an Android device and continuously monitors apps’ behavior. If an app begins acting suspiciously or requesting additional permissions on your phone, Play Protect alerts you, allowing you to decide whether to limit or allow permissions, or uninstall the app altogether. If an app is found to contain malicious code, Play Protect automatically removes it from your phone.
Safe Browsing mode is a similar feature that alerts users if they access a suspicious website while using their Chrome app on their device. As I already mentioned, your phone will not automatically download a virus from a suspicious website, but this alert can still be useful in preventing you from choosing to download something from the site onto your device or sharing the site with friends who might visit using a PC.
Only Download Apps From Secure App Stores
Given what I wrote in the first few paragraphs, you may scoff when I say Google scrutinizes the apps in their Play Store, but the company has been rolling out increased protections and security standards over the last few years. Also, given the millions of apps available on Google Play, the percentage that is malicious is actually quite small (although I admit that number is growing).
Third-party app markets are much less likely to police the apps they offer and so installing apps from these markets makes your device more vulnerable. Unless the third=party app store you are using is large, such as Amazon’s app store, it will likely not have the resources to investigate its offerings as thoroughly as Google does.
Finally, while some annoying and invasive malware does slip through Google’s screening process, the most serious malware issues will not appear in the Play Store because of the amount of testing Google puts apps through. While the Play Store is imperfect, it is still the most secure option for Android users.
Watch Your Phone’s Performance And Read Reviews
If your phone becomes slow, the battery life drains rapidly, or you’re suddenly using more data after installing a new app, that might be an indicator that the app contains malicious code. Just like on a PC, having too many applications running in the background will cause performance issues on a phone. Malware that gathers and sells information about you often runs continuously in the background to see how often you use your phone, for how long, and what kind of other apps you use. To gather maximum amounts of data, that malware will run often. This is why besides slowing you down, it can also kill your battery. These kinds of apps also use lots of data when they transmit the information they have gathered about you, or they may use data when making unauthorized purchases.
Before downloading an app, read reviews about it, and not just the most recent reviews. Other users will let you know if an app has caused any of these performance problems on their devices and you’ll know to be wary.
Investigate The App Developer
This sounds like a lot of work, but it doesn’t have to be. When you click on an app in the Play Store, it takes you to a page where you download the app. Underneath the name of the app, you will notice that the app developer’s name is a link taking you to a page where developers can tell you something about themselves and the kind of games they create, such as this page from Butterscotch Shenanigans. You can see the kind of apps the developer makes, how long they’ve been making apps, and how well those apps are received. If a company is very new, provides very little information about itself, produces a wide variety of unrelated apps, or has lots of negative reviews, then you’re taking chances if you download from them.
Don’t Root Your Device
To root a phone means to open up additional controls like a developer would have. It’s like having administrator privileges that allow you to customize a device further. In the early days of smartphones, techy folks enjoyed the tinkering that rooting allowed them to do, and some people still like the feeling of power that rooting gives them.
But as Android has evolved, most of those privileges that rooting offered have become available to users without having to actually root the device, and the consequences of rooting can make a phone much less secure since they allow users to disable the default Android protections I just talked about.
Update Your Device Regularly
We all hate it when a message pops up asking to install an update. It only ever seems to happen when we’re in the middle of something, so it’s tempting to keep putting it off. But these updates are critically important, whether on your PC or your phone, because they often include security patches that repair operating system vulnerabilities. If you go too long without these updates, you’re leaving yourself open to attacks. Remember, companies roll out these updates once they have been found, which often means attackers are already exploiting the vulnerability by the time the patch is released to you.
Security threats to Android devices are serious. But with a little common sense, your devices already have the protection you need to prevent most malware attacks. Since Android devices are not vulnerable to viruses, most antivirus software available for these devices is worthless. A better solution is to only download apps from the most trusted sources and to take advantage of the many effective protections already built into your Android system.
Malware doesn’t just attack Android. If you’re concerned about malware threats to your network, you can relax knowing that TracSoft Tec provides customized, up-to-date network security protection. Our 24/7 monitoring keeps your system safe day or night. Contact us to find out what TracSoft Tech can do for you.