If you use an iPhone, your days of lording its security features over Android users are numbered.
When it comes to the seemingly endless head-to-head showdowns between the two operating systems used by 94% of Americans, Android's major selling point is also its Achilles heel. Its customizability means Android users can download apps from anywhere, increasing the risk of infection via malware that can skim sensitive info, send spam messages, or freeze the phone until the owner coughs up a ransom.
Spyware is still far more prevalent for Android devices than iPhones due to Apple's tight vetting of apps before they make it onto the App Store. Android's greater market share has a lot to do with it, too, as cyber-criminals can attack more phones with a single infusion of malicious code.
But a recently discovered piece of malware called WireLurker attacked iOS devices through a compromised computer, indicating not only that malware creators are increasingly focusing on mobile devices, but also that Apple may soon be as much fair game as Android.
What about Windows Phone and BlackBerry, which make up just 5.9% of US smartphone users combined? “These haven't attracted the same kind of attention from malware authors that Android has,” says Jeremy Linden, Senior Security Product Manager at Lookout security firm.
However, as our smartphones become our go-to devices for everything from shopping to business, it's likely that the tiny computer in your hand – no matter which operating system it runs – will increasingly become a target for cybercriminals. Here are nine things you can do to ensure the security of your device now.
1. Log out after banking and shopping
Just make sure you log out when you're done. Signing out from your account prevents cyber-offenders from viewing your personal financial data if your smartphone is hacked. The same goes for shopping sites, where your credit card info may be visible to anyone snooping on the transaction.
Or use your bank's official app. “Banking apps are set up to be encrypted and protect your information even if the network you’re using has been compromised,” Linden says. Ensure you've downloaded the real app and not a malicious copy. Earlier this year, Lookout found a clone of the app for Israel-based Mizrahi Bank, designed to steal customers' login credentials.
2. Only use public Wi-Fi hotspots that require passwords
Use public Wi-Fi only on secure networks requiring a password to access, ideally only from providers you trust such as the coffee shop you're at, a city's official Wi-Fi or a telecommunications operator. Unsecured networks allow hackers to view all web traffic over the network, including passwords and even the contents of unencrypted email (that is, most people's email).
If you're planning to connect to public Wi-Fi a lot — for example, while traveling abroad — use an encryption app such as Freedome (Android or iOS) that can secure your connection to any Wi-Fi network so that your data is unreadable. The app also blocks tracking while you're surfing the web.
3. Set a password on your lock screen
The humble password can prevent an even more insidious crime: allowing someone you know to install spyware onto your device.
Last year, Lookout found that 0.24% of the Android phones it scanned in the United States included spyware designed to target a specific person. That's tens of thousands of people whose calls, messages and photos were being monitored by someone close enough to access their phones.
No matter what type of smartphone you use, a good password is also your first line of defense against the most basic security issue: losing your phone. As long as you don't pick an easily guessed combo like 1111, a password can hold off a would-be thief long enough for you to locate and remote-erase your device via the Android Device Manager, Find My iPhone or Windows Phone sites. (BlackBerry users need to have previously downloaded the BlackBerry Protect app, unless the device uses the BlackBerry Enterprise Server.)
4. Check permissions requested by new apps
According to Lookout, adware is the most common security risk with apps. While ads help app makers earn revenue, some contain adware that may collect personal details or usage habits without your consent, send messages with links to buy fake products or force your device to send premium-rate SMS text messages.
Before downloading an app, read through what permissions it requests from you. If a Flappy Bird clone wants access to your contacts and call history, for example, it's probably best to cancel that download.
If you suspect you've already downloaded adware (based on symptoms such as a deluge of pop-up ads or in-app messages asking you to click on a link), uninstall the app that is delivering the aggressive advertising.
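The permission review in this tip can be partly automated when you have an app's APK on a computer. The following is an added example, not part of the original article or any Lookout tool: it parses the text listing printed by the Android SDK's `aapt dump permissions` command and flags permissions matching the risks named above. The sample listing, the package name and the risk table are constructed assumptions.

```python
import re

# Permissions tied to the risks this article names: contact and call-history
# harvesting and premium-rate SMS abuse. The table is this example's
# assumption, not a list published by Lookout.
RISKY = {
    "android.permission.READ_CONTACTS": "reads your contacts",
    "android.permission.READ_CALL_LOG": "reads your call history",
    "android.permission.SEND_SMS": "can send (premium-rate) text messages",
    "android.permission.READ_SMS": "reads your text messages",
    "android.permission.RECEIVE_SMS": "sees incoming text messages",
}

# Accepts both listing styles aapt has used:
#   uses-permission: android.permission.X
#   uses-permission: name='android.permission.X'
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return the permission names requested in an aapt permissions listing."""
    perms = []
    for line in dump.splitlines():
        m = PERM_RE.match(line.strip())
        if m and m.group(1) not in perms:
            perms.append(m.group(1))
    return perms

def review(dump, expected=frozenset()):
    """Flag risky permissions that the app's stated purpose does not explain.

    `expected` holds permissions you consider justified for this kind of app
    (for example READ_CONTACTS for a messaging app).
    """
    return [(p, RISKY[p]) for p in parse_permissions(dump)
            if p in RISKY and p not in expected]

# Constructed sample: listing for a hypothetical Flappy Bird clone.
SAMPLE = """\
package: com.example.flappyclone
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: android.permission.READ_CALL_LOG
uses-permission: name='android.permission.SEND_SMS'
"""

if __name__ == "__main__":
    for perm, why in review(SAMPLE):
        print(f"REVIEW {perm}: {why}")
```

A simple game has no obvious need for any of the three flagged permissions, which is the signal to cancel the download.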
5. Get a security app
If you don't know which app is the culprit or if you simply want to check your phone's health, a free security app such as Lookout (Android or iOS) or Avast Free Mobile Security (Android or iOS) can scan the apps on your phone for malware including adware, spyware and viruses. If malware is detected, the security app will remove it.
These apps can also locate your device if you lose it, sound an alarm or message it in case someone has found it, back up your contacts online and remote-erase everything if all hope of getting your phone back is lost.
Check out our comparison of free and paid security apps for more information.
6. Review your download habits
“Non-jailbroken iOS devices are less likely to download malware,” says Linden. (The same goes for Windows and BlackBerry phones.) But if you've performed tech surgery to rid your iPhone of its limitations or if you use an Android phone, Linden recommends avoiding downloads from third-party app stores, where malware is much more prevalent. Install a security app that can alert you to suspected malware.
Even if apps are on the official app market, only download from trusted developers, and check the reviews for complaints.
7. Disable app downloads from unknown sources (Android only)
Lookout recently identified a piece of malware called NotCompatible C that allows your phone to be used without your permission. For example, ticket scalpers could use the malware to route bulk ticket purchases through a group of infected phones, thus hiding their identity and location.
NotCompatible is downloaded secretly onto Android phones from sites harboring it; links to such sites have been found in phishing emails. To avoid similar sneaky malware downloads, disable app downloads from unknown sources, found in the Settings / Security menu.
In general, it's best to avoid clicking on links in emails from unknown senders or, according to Lookout, clicking on shortened URLs like bit.ly, since you can't see the domain it leads to.
8. Don't grant apps administrator access (Android only)
Back in July, an intimidating type of Android malware made the rounds. The so-called FBI ransomware froze infected phones, popping up a message that the FBI had locked the phone because the owner had violated federal law by visiting illegal sites including child pornography websites. To access the phone (and its data), victims were asked to pay several hundred dollars.
Ransomware may also request administrator rights at installation, giving the wayward app the ability to lock the phone, read notifications and remote-wipe your data. Once you grant that access, you may never be able to retract it, as in the case of the trojan Obad.a, which hid itself and set to work scraping users' info, spamming contacts and downloading more malware.
“When ransomware is downloaded to a phone from a malicious website, it takes the form of an APK (Android application package), often disguised as an anti-virus app,” Linden says. “Or it may in some way trick you into launching the app. To avoid this, do not grant applications administrator access unless the app is reputable.”
If you must travel off the beaten path for apps, only download non-app-store apps from trusted third parties.
9. Install OS and app updates
Finally, the obvious but biggest way to protect your smartphone security: Download software updates for your phone and its apps whenever they're available. Updates are designed to patch bugs and vulnerabilities.