With Google Play acting much like the wild wild west, Google has also taken steps to introduce measures to police its growing apps ecosystem. Preventive measures, such as having apps request for permission to access specific functions on your Android devices, have been around since the very beginning.
Meanwhile, Google has also taken reactive steps when malware apps are detected, both on Google Play and Android devices. Back in 2010, Google exercised the option to remotely remove malware apps that have been installed on Android devices, followed by a notification to the user that a malicious app has been removed. A drastic move, to say the least, but it’s an emergency fail-safe that proved to be useful for users who are unaware that they’ve installed a malicious app.
Google has also added another fail-safe for Google Play, a service codenamed Bouncer back in February this year. Bouncer, as its moniker implies, takes a look at the market and hunts for potentially malicious apps. This service doesn’t stop at the apps, as it also targets developer accounts, especially new ones, to prevent clone developer accounts from making its way back onto the Google Play.
Checking on the app with Bouncer is done through the following states: once the app is uploaded onto Google Play, it's scanned for known malware, spyware and trojans, on top of behaviors that could indicate an app going rogue with a quick comparison of previous apps that triggered red flags. Google claims that it simulates the app’s performance on an Android device, in the hopes of finding hidden and malicious behavior within the environment.
Besides Google’s efforts to keep malicious apps at bay, users are just as crucial in reporting these apps. But that is only the first step towards active prevention. So how should one protect their Android smartphone from malicious attacks? More often than not, it really boils down to user awareness. Here are some rules to live by if you wish to keep malicious apps out:
The most effective and oft-overlooked way to keep your device safe is to properly configure its location and security settings. For example, switching on the simple PIN or password lock screen option deters others from accessing your confidential data. To configure your smartphone’s location and security settings, go to Settings > Location & Security. It would be best to try and switch out your password/PIN configuration every 2-3 weeks as an extra precaution.
Accessing an open network will open users to risks to their personal security. In fact, a recent travel tech consumer poll conducted by Norton in Singapore found that a vast majority access internet on their mobile devices and an extremely high percentage of them log in via unsecured networks. Worse still is the fact that nearly half the respondents did not think about security concerns at all:-
As such, the same threats that laptop or desktop users face also apply to smartphone users when they habitually access insufficiently secured wireless networks. One way to keep these risks at bay is to turn off the automatic wireless connection option off.
When in doubt, always stick to Google’s Android Market. While there’s no 100% guarantee that every single app on the Android Market is malware-free, Google has taken extra steps to ensure the legitimacy of these apps, more so from the Bouncer service that scans new apps for potential malware.
Apps might be disguised to look like a legit or even famous apps such as Angry Birds. But there are certain tell-tale signs of its legitimacy. Firstly, check the developer name. If it doesn’t match up with the app, that’s one alarm. Secondly, look at the number of downloads it has received. It’s highly suspicious if popular apps such as Cut the Rope doesn’t come with a high download number reported. If that’s the case, chances are it is a malicious app trying to pass off as a legit one. As such, it is highly important that you should closely scrutinize these apps before you download and install them. Check out user ratings and reviews as well.
Before you install each app, be it from Android Market, a third-party app market or even a side-loaded app, the app will request for permission to specific functions on your Android device. Be aware of the permissions the app is requesting - it is important to first consider how a particular app functions. For example, should a game request for permission to access and send SMS (of which is not necessary for its genre), that’s one warning you shouldn’t ignore.
Here’s the undeniable fact: malicious apps are here to stay. While we can’t eradicate these apps completely, the next best option is to invest in security apps. We have a good list compared here (Kaspersky Mobile Security 9, McAfee Mobile Security, Norton Mobile Security, Trend Micro Mobile Security Personal Edition for Android, avast! Free Mobile Security), so be sure to check them out. Fortunately, there's a good mixture of paid and free security apps for you to choose from the app store.
Google’s actions have by far been aligned with its original intent - to provide both developers and consumers with unhindered access to Google Play. Their added security layer, which acts as a deterrent and reactive measure to detect, remove and block malicious apps, is meant to keep things in check, without affecting the ease in which apps can be uploaded or accessed.
Google Android is by far one of the most open platforms for developers to explore and connect with their targeted audience. Yet, it is also one of the most dangerous ecosystem, even with Google taking steps to ensure its security against malware apps. While the onus is upon Google to create a safe environment for its users, it’s not a one-way street. Responsible and prudent usage of your device, and employment of accompanying apps, are necessary to truly enjoy the freedom of the wild wild Android world out there.