Mobile devices have largely avoided the malware outbreaks that have plagued PCs for decades now for a simple reason — app stores.
Nearly all — or even all — the software that’s on your phone or tablet now came through these official portals, where they endured some degree of vetting. But this doesn’t mean it’s impossible to have your security or privacy compromised by bad apps.
Here’s a quick run-through of the basics you need to know to keep the data on your mobile device safe and private.
1. Stick to the official app stores.
If you have an iOS device, you can only use the official App Store, unless you “jailbreak” your device and take your security into your own hands. Android users, however, have more freedom. And with freedom, there’s a little danger. “Anything ending in .apk might be malicious,” Tom Van De Wiele, F-Secure Security Consultant, tells me. “So the official Google Play store is the only place you should get your apps.”
He offers a simple metaphor to remember this concept: “You don’t pick up shiny food from the street and put it in your mouth either, no matter what the promise is.”
In case you missed the point: The Play store is the clean table — everywhere else is the grimy, filthy floor.
2. ANDROID USERS: Make sure to block downloads from “Unknown sources”.
“Phishing campaigns are focussing on providing .apk files to unsuspecting victims by email, SMS, MMS, Skype and other means,” Tom says.
He recommends you avoid these scams by blocking downloads from unknown sources.
To do this, via iKidApps.com:
3. ANDROID AND IOS USERS: Don’t assume that your apps have been vetted for privacy.
“It is not in Google’s interest to remove a lot of apps as they generate advertisement revenue for Google,” Tom says, adding that the Play store doesn’t do nearly as much vetting for malicious apps as the Apple iOS store does and instead opts for a “clean-up-as-you-go model.”
But that doesn’t mean iOS apps are completely nuisance free.
“Apple has the ‘walled garden’ of trying to control what they can when it comes to their application eco-system,” he says. “This does not take into account apps that invade your privacy by asking you, for example if the app can ‘access the address book’, which will result in sending the contents of the address book to a remote location.”
You have to check the app permissions yourself to avoid these data-farming apps.
4. Look out for “bait ware.”
Both app stores have been plagued by what Tom calls “bait ware”.
These are apps “where the user is fooled into generating a lot of advertisement revenue by randomly popping up ads, fake buttons and other arbitrary functionality.”
New parents need to especially be on the lookout for these apps.
“This is especially prevalent in baby and toddler applications which look very enticing to download and try but are merely empty husks with interwoven advertisement.”
Why do these apps prosper despite their dubious quality?
Tom says, “Both Apple and Google are reluctant to remove them as it becomes a slippery slope on where to draw the line between sincere and malevolent behavior of an application.”
5. “Walled gardens” aren’t perfect solutions so check reviews and be suspicious of newer apps.
Google’s approach invites malicious apps to occasionally appear in its store. Often they’re imitations or clones of much more popular apps. This is much, much more rare in the iOS App Store, but it has happened.
To preserve your security, privacy and disk space, do some basic due diligence and check the reviews to see if they seem real and offer some substantive testimony that the app is legit.
[Image by PhotoAtelier | Flickr]
After F-Secure principal security consultant Tom Van de Wiele stepped into the #CyberSauna for the second episode of…
January 19, 2018