I couldn’t think of a better title for this Tech Tip post… But I’ve decided to make one to warn the Android users the potential dangers and how to ensure you are protected against such threats from giving you a bad day. Since Android is considered majority market share in the Smartphone industry, it is only a matter of time that this becomes an issue that warrants people to be cautious about. The fragmentation that has brought on by Google and their many OEMs have only made Android a bigger target for malicious applications. However, all this is pretty simply to avoid. You have to actually allow the App in question to install to actually become infected.
Don’t let all these malware prevent you from enjoying a wonderful Android experience. Android OS is still a very good mobile platform and very popular due to the options to either buy a low-end budget friendly Android to a high-end powerhouse Android phone. Thanks to the open nature of the Android platform, the platform is more susceptible to these kind of threat. And because it is the market leader, it only makes sense that this platform is targeted more often than the others. Apple’s iOS and Microsoft’s Windows Phone platform does not have these issues to worry thanks to their closed platform design restricting apps from system wide effects and limiting the ecosystem to their own respective App Store.
Google has always believed in Open platform design. As such people have the option to either download their applications from the Google Play Store or the hundreds if not thousands of third party “App Stores” that is available to Android users. Google does a pretty good job at screening their Apps that show up on their Play Store, although some do manage to slip by from time to time. Apps downloaded from outside the Play Store does not get that same treatment. As such, if you are one of those users that like to download from third party stores such as “Amazon App Store”, “1Mobile”, “F-Droid”. You are depending on those App Store providers to screen what gets added to the store. By default on all Android devices, the options to allow installation of apps outside of the Play Store is disabled by default. This is simply a security prevention from preventing malicious apps from being installed on your device without your authorization. Once you allow this setting to be enabled, it is up to you to be competent enough to determine which app you install is safe and which ones could potentially be harmful. The safest way is to just stick with the Google Play store since it is the Official source for Android apps and also the largest.
Android is designed to notify you when an app is being downloaded and again when it’s being installed anyway. Most of the time it will prompt you to accept the security permissions the App requires access to on your phone. It will never simple install behind the background. The only time an app would be installing in the background would be if you enabled auto-updates on stores like the Google Play Store. Otherwise it will normally prompt you for your permission. If you detect it is trying to install an app that you’ve never heard of before, or you never initiated an app installed, chances are it’s a malware trying to get it’s way into your system.
Malware has actually existed on Android for sometime now, but has started to grow more rapidly as it’s popularity grows more and more rapidly. A very annoying Windows ransomware known as CryptoLocker has made it’s way to affected Android devices as well. Though it’s only based on the concept of CryptoLocker, it basically scans your phone for specific file type such as pictures, video files, documents and encrypts them. Then prompts you with a unlock screen that asks you to put in a code which you will have to pay. The general amount usually ranges for a couple hundred dollars to potentially thousands of dollars. Depends how generous the malware maker was I guess. If you fail to enter the unlock code within a specific amount of time, the cost to unlock will go up. They will also claim that if you fail to pay for the unlock code, the “private” key to encrypt the files will be destroyed thus you essentially lose all those files. There is currently no way to decrypt those encrypted files unless you have the private key for the encryption. This is generally saved on the server side.
Currently there is a CryptoLocker like Android malware by the name Simplocker. It scans your SD card for user files such as documents, pdf, music, videos, pictures etc and encrypts them using AES encryption algorithm. It then prompts you to pay $x amount to get the code to decrypt the files. So far it seems like the malware is only targeting users in Russia and Ukraine as the messages are in those languages, but as proof of concept, this can potentially spell disaster for unsuspecting Android users.
Unfortunately, Android users will have to be cautious about what they download, and if they’re not too sure whether the App in question is safe or not. Either consult with a friend or a coworker who has Android experience, or simple skip it and move onto the next app. Also, backing up any important information you might have saved on your phone in the worst case that it does manage to get infected, you’ll still access the file somewhere. Disabling Unknown Sources through Settings > Security > Uncheck Unknown Source. Putting some kind of lock on your phone is help to prevent data from getting into the wrong hands in case your phone is lost or stolen. Or more importantly to keep your friends from getting access to your phone and playing a prank on you and or your *insert social media* application or prank texting/calling people. If you want to be as safe as possible, stick with Google Play Store as your only source of Android apps, unless your work requires you to install their own app that might or might not be on the Play Store, but that’s a different scenario.
In regards to downloading from the Play Store, even Google’s screening system might not catch everything that goes through their queue, and they receive a lot of submissions on a daily basis. So don’t be surprised if you find questionable apps in their store. They’re usually removed pretty quickly after it’s been discovered. Best practice when you come across an app that looks good but you’re unsure is to do a quick glance at the reviews or do a quick Google search. People are generally good at pointing out the bad apps from the good ones. or even point our fake comments from legit reviewers.
I can only give advice on how to safely use your Android phones. Ultimately, how you decide to use your Android phone is entirely up to you.