What You Need to Know about Mobile Security
There might've been a time when you weren't overly worried about your mobile devices getting infected by malware - after all, viruses and spyware were a threat mostly to computers. But as smartphones and tablets become increasingly popular, so do threats that target mobile devices exclusively. According to a 2013 report by Web security provider Blue Coat Systems, an increasing amount of malware is making the jump from desktops to mobile. Security company McAfee also warned in February (PDF) that it detected over 36,000 malware threats, most of that number targeting Android devices.
Though it's not just Android. If you have a mobile device, you need to know how malware is targeting it and what you can do about it. If malware sneaks on to your phone or tablet, it can install adware, activate SMS Trojans that send out expensive text messages from your phone without you knowing, and even let others spy on your emails, texts and web browsing.
How malware infects your mobile devices
The most common way malware infects a phone or a tablet is through downloaded apps masquerading as a popular title or as a useful utility program. You'd think you wouldn't fall victim to that if you're careful, but some malicious programs are very well disguised as legitimate apps. In 2012, for instance, fake Angry Birds and Assassin's Creed apps hit Google Play, and many Android users unknowingly downloaded the malicious programs that charged them a premium rate - roughly $22 - for each app.
That modus operandi, however, might soon change. Security researcher Chris Astacio warns that it's very likely for attackers to start tweaking mobile malware to infect devices via web pages instead of through apps. At a presentation at the RSA Security conference in San Francisco in late February, he revealed that software that exploits vulnerabilities on computers has been starting to look out for web hits made by iPhones, iPads and Android devices. Which indicates that, although it's not yet an actual threat, this method might be used to attack mobile devices in the future.
Abundance of Android malware
In addition to MacAfee's report mentioned above, a 2012 report by Kaspersky Lab points to Android as the most popular target of mobile malware attacks. 94% of mobile threats targeted the Android platform in late 2012, most of which targeted Gingerbread (Android 2.3.6) devices, with Ice Cream Sandwich (Android 4.0.4) coming in a close second. More than half of all the malware detected by Kaspersky turned out to be SMS Trojans. So if you notice any unusual messaging activity on your phone, make sure to quickly take steps to protect it (see below). Also, make sure to update your Android device to the most currently available operating system; this often addresses security flaws in previous versions.
While there's an abundance of malware for Android, that doesn't mean phones running other operating systems are safe. Mobile app analyst Appthority recently published a report (PDF), revealing that iOS apps exhibit riskier behaviors than Android apps. That's because iOS apps have more access to your data and are more likely to send and receive unencrypted information. The first iOS malware that hit the App Store in mid-2012 harvested data from address books and sent info to a remote server - all the contact details gathered were sent spam text messages.
Windows Phone 8, which was introduced in mid-2012, is still relatively new, but a teenage hacker from India has already developed prototype malware for it. The good news? The teenage hacker didn't mean any harm - he only created the prototype to demonstrate that it is possible to infect a Windows Phone 8 device.
How to protect your phones and tablets
Always check the legitimacy of apps you download
You might think you're installing a well-known app, but you might have gotten the fake one. To save yourself the headache, always check who created the apps you download by making sure it was posted by the app's known developer. If you find an Angry Birds app posted by someone other than Rovio, do not download it. Report it to Google because it's most likely malware.
But what about if you're downloading an app you haven't heard of before? Make sure to go through the app's ratings and comments and look out for obvious red flags. If there's even just one reviewer who says the app is fake, it's worth looking more into it in case it really is. It also helps to dig through the developer's history to see what other apps it has previously submitted, and to look for info online. Finally, make sure you check the rating and read the reviews. Apps with few ratings (less than a few hundred) or lots of negative comments require extra caution.
Install anti-malware apps for your mobile devices
You now have quite a list to choose from when it comes to anti-malware software for your phones and tablets. You can get standalone apps - many for free - from your device's app store. Here are the security apps we recommend:
- Android: Norton Security antivirus, Lookout Security & Antivirus, McAfee Mobile Security, AVG Antivirus for Android
- iPhones and iPads: WebRoot Secureweb (malicious website protection only)
- Windows Phone: TrustGo Antivirus
There are also all-in-one security programs you can purchase, which are essentially security software bundles for your mobile devices and your computers. These bundles, which include McAfee All Access, Kaspersky ONE, and Trend Micro Titanium Maximum Security, can be quite pricey, but you'll often find them at big discounts. McAfee All Access for one user is currently on promotion for $49.99 (down from $99), for instance, while a Trend Micro bundle (that includes a three-PC licence, one Mac Smart Surfing license, and one mobile security license for Android) is on sale for $33 (down from ($90) on Amazon..
But is it worth paying for these all-in-one security programs? Maybe - if you also have computers and other mobile devices that need anti-malware. If you're just really looking for a security software for a single mobile device, you're better off downloading one of the cheaper apps from your operating system's app store.
Scan your phone or tablet regularly, and protect your passwords
To add another layer of protection, it's best to install password protection apps, especially if you regularly do online banking or access any other financial information on your device. Look for password vaults for your OS, such as 1password (iOS, Android), Norton Identity Safe (iOS, Android) and LastPass (iOS, Android, Windows Phone 7). With these apps in place, you only need to type in your passwords once -- they auto-fill the password box next time you visit the same website. That way, if a keylogger (malicious software that can read everything you type and send it to an attacker) ever makes its way into your phone, it won't be able to capture your passwords.
Finally, after downloading and installing your anti-malware app, don't forget to scan your mobile device regularly. Schedule a scan once a week or more if you want to make sure your device is safe and that there are no threats hiding in the recesses of your phone or tablet, waiting for the right moment to strike.