The security firm Sophos recently released a list of the malware it most frequently finds on Android devices, and you might be surprised at the number of different threats that are floating around.
Usually disguised as legitimate apps, these threats can replicate popular apps but deliver little of their functionality; install other apps that sign you up for paid services; or claim to save battery life but instead rip off your personal information and spam you with ads.
Even Facebook has been known to deliver malware to Android devices. Check out this video, in which a user shows how he received a friend invitation from someone who had a bad website listed on his or her profile. When the user clicked on the link, the browser automatically began downloading malware to the phone.
How To Avoid Malicious Apps
First, you should only use a reputable app store, such as the Google Play store. Even there, however, bad apps do exist. That’s because Android’s open environment isn’t nearly as restrictive as Apple’s. The Amazon Appstore is an alternative to Google Play that provides a high degree of safety.
The best way to tell if an app is one you should download is to look at how other users have rated it. If it only has a few ratings or rates poorly with users, skip it. You should only download apps that have been rated by thousands of people who give them an average of 4 or 5 stars. Never install an app with one or two stars—there’s a good chance that not only is it poorly designed, but people may also have found serious issues with it. Read through the reviews—the reasons for low ratings soon become apparent.
It's also a good idea to check an app's permissions before you install it to see if they are reasonable. Often, the stated permissions can be confusing, but if you see something clearly out of the ordinary—a wallpaper app requiring access to your contact list—it's probably best to steer clear.
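For readers who want to run this check with a script, the following added example (not part of the original article) lists the permissions in a decoded AndroidManifest.xml and flags the sensitive ones that fall outside what the app's category plausibly needs. The category baseline, the sensitive list and the sample manifest are assumptions constructed for illustration, and the manifest is assumed to be already decoded to text XML, for instance with a tool such as apktool.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed baseline: what an app of each category plausibly needs.
EXPECTED = {"wallpaper": {
    "android.permission.SET_WALLPAPER",
    "android.permission.INTERNET",
    "android.permission.READ_EXTERNAL_STORAGE",
}}
# Permissions that expose personal data or can cost the user money.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "reads the contact list",
    "android.permission.SEND_SMS": "can send texts, including to paid services",
    "android.permission.CALL_PHONE": "can place calls",
    "android.permission.ACCESS_FINE_LOCATION": "tracks precise location",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (n.get(ANDROID_NS + "name") for t in tags for n in root.iter(t))
    return {name for name in names if name}

def audit(manifest_xml, category):
    """Sort permissions outside the category baseline into two lists."""
    extra = requested_permissions(manifest_xml) - EXPECTED[category]
    return {
        "out_of_place": [(p, SENSITIVE[p]) for p in sorted(extra) if p in SENSITIVE],
        "unexpected": [p for p in sorted(extra) if p not in SENSITIVE],
    }

# Constructed sample: a wallpaper app that also asks for contacts and SMS.
SAMPLE = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.wallpapers">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>
"""

if __name__ == "__main__":
    for perm, why in audit(SAMPLE, "wallpaper")["out_of_place"]:
        print(f"{perm}: {why}")
```

An empty `out_of_place` list only means nothing on the assumed sensitive list was requested; ratings and reviews still apply.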
Use Strong Antimalware Protection
According to independent security software testing firm AV-Test, the best security solutions for Android—meaning they detect more than 90% of identified threats—come from these companies: Avast, Dr. Web, F-Secure, Ikarus, Kaspersky, Lookout, McAfee, MYAndroid Protection, NQ Mobile and Zoner. In AV-Test’s tests, Bitdefender, ESET, Trend Micro and Vipre just missed inclusion—their rates of detection were between 88.1% and 89.9%.
(Editor's Note 8/28/13: Many of the security apps rated highly by AV-TEST performed dismally in our study of their effectiveness against spyware. See our in-depth mobile anti-spyware study for more details.)
That’s not to say other products won’t keep you safe from malware. AV-Test says products that detect between 65% and 90% of potential threats “can also be considered to be very good” because “Some of these products only fail to detect just one or two malware families that may not even be prevalent in certain environments.”
The products that AV-Test said fall into this secondary tier come from AegisLab, AVG Mobilation, Bitdefender, BullGuard, Comodo, ESET, Norton/Symantec, QuickHeal, Super Security, Total Defense, Trend Micro, Vipre/GFI and Webroot.
In addition to protecting your device from malware, there are other benefits to installing security software on your phone. Many of these products have the ability to use GPS to find your device if it’s lost, and if necessary, can lock or wipe it. Some also let you do things like filter out calls or texts from contacts that you designate.
You can find free and paid security apps from the companies AV-Test listed by searching for them at the Google Play market. For example, the free app from Ikarus effectively protects your device from malware, but if you want features that let you locate, lock and wipe your phone, you need to ante up for the paid version, which is $26.20. Antivirus Free from AVG Mobilation gives you those features in its free product, although it wasn’t in AV-Test’s top tier.
Alternatively, if you need security for the computers in your house, security companies often offer bundles that include software to protect users’ devices.