According to Check Point Research, a new strain of Android malware has been found in the wild that quietly infected around 25 million devices. The malware was dubbed “Agent Smith” and uses an Android device’s resources to display fraudulent ads for financial gain.
Such malicious attacks have been prevalent on the Android platform for some time and are showing little to no signs of slowing down.
Is there anything Android users can do? Fortunately, yes. There are things you can do to lower the likelihood of your Android device getting infected by such malware. Let’s examine four of the essential possibilities.
Don’t Sideload Applications
First, you must understand what “sideloading” means. As with most operating system platforms, there are official “stores” where applications can be installed for free or at a price. These app stores typically vet the applications they make available, so the chances of those apps including malware are reduced.
That doesn’t mean those App Stores are 100% guaranteed to be free of malicious software, but it does give the user some assurance. Repositories like the Google Play Store, Apple’s App Store, and the Microsoft Store are always trying to improve how they track down and remove malicious software.
When you install a piece of software from outside those stores, it’s called “sideloading.” For the Android platform, numerous websites offer installable applications that you can download and add to your device. One such site is F-Droid. According to ProPrivacy.com, F-Droid is safer than the official Google Play Store. Such claims cannot be made for every site that offers sideloadable apps.
Because of this, sideloading apps should only be considered by Android users willing to investigate a site and vet any app they plan on installing. Casual Android users or people unwilling to go that extra mile shouldn’t even consider sideloading.
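To see which apps on a device were sideloaded, you can list each third-party package together with the app that installed it. The script below is an added example, not part of the original article; it assumes `adb` with USB debugging enabled, and the trusted-installer list and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Installer package names you trust (assumption: adjust to your own policy).
# com.android.vending = Google Play Store, org.fdroid.fdroid = F-Droid client.
TRUSTED_INSTALLERS="com.android.vending org.fdroid.fdroid"

# Reads `pm list packages -3 -i` output on stdin and prints
# "<package><TAB><installer>" for every app whose installer is not trusted.
# Apps installed from a downloaded APK or via adb typically show a package
# installer app or "null" here, so they end up in the report.
flag_untrusted() {
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')   # adb output may carry CRs
        case "$line" in
            package:*) ;;
            *) continue ;;                         # skip anything unexpected
        esac
        pkg=${line#package:}
        pkg=${pkg%% *}
        case "$line" in
            *installer=*) inst=${line##*installer=} ;;
            *) inst=null ;;
        esac
        trusted=no
        for t in $TRUSTED_INSTALLERS; do
            if [ "$inst" = "$t" ]; then trusted=yes; fi
        done
        if [ "$trusted" = no ]; then printf '%s\t%s\n' "$pkg" "$inst"; fi
    done
}

# Constructed sample listing (not taken from a real device).
sample_listing() {
    cat <<'EOF'
package:com.example.bank  installer=com.android.vending
package:org.example.notes  installer=org.fdroid.fdroid
package:com.example.flashlight  installer=null
package:com.example.wallpapers  installer=com.example.thirdpartystore
EOF
}

# On a real device: adb shell pm list packages -3 -i | flag_untrusted
sample_listing | flag_untrusted
```

Any package the report lists is one you should be able to account for; if you cannot, treat it as a candidate for removal.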
Tread Carefully in the Google Play Store
In the same vein as sideloading apps, you shouldn’t just assume every app in the Google Play Store is safe. Unless you have a software QA outsourcing team like BairesDev to vet every app you plan on installing, you should assume most apps aren’t safe.
So, only install the apps you truly need to get your work done, and get them from established companies and reputable developers. Why? The companies that develop official apps have a vested interest in only releasing safe applications. The last thing they need is a malicious application leading to a class-action lawsuit. To that end, most big companies are very cautious with the software they release.
If you consider the software built into Android, you have the following tasks covered out of the box:
Without installing a single application, a lot of what you do is already covered. If you add the following applications, you should be set:
Since the above four applications come from large companies, the chances of them including malware are slim.
Use Open Source Software
I mentioned F-Droid earlier. What’s remarkable about that service is that it only offers open-source software. What is open source? Open-source software means that the code for an application is released under a specific license that requires the developer to grant users the rights to study, change, and distribute the software. The apps found on F-Droid are all open-source, which means that any user, developer, or institution (such as QA testing services) can vet the software.
With open-source software, it becomes harder for bad actors to hide malicious code. When an application is proprietary (AKA closed source), it cannot be vetted outside of the company that created it.
As a bonus, no application found on F-Droid includes any means of tracking users. So you have apps available to you that are free of cost, free of malicious code, and free of tracking. The caveat? Although there are quite a few titles to be installed from F-Droid, you won’t find any of the official Google apps, and some of the apps might seem a bit out of date or overly complicated for the average user.
Avoid Software with Few Reviews
Reviews can be faked. Reviews can be bought. Reviews are also one of the fastest means to find out if a piece of software can be trusted. If you go to install an app from the Google Play Store, and you notice it has zero reviews – avoid it. Or, if the app has just a handful of reviews that say little about the software or are worded poorly, don’t install the app.
To that end, if you use and trust a piece of software, and you like said software, take the time to leave a review to boost the trust of the application.
Update, Update, Update
Updates to applications and operating systems are made available for several reasons. One of the single most important reasons is patching security vulnerabilities. If you allow either apps or the Android system to go without updating, know that you are possibly leaving your device vulnerable to attacks.
For example, Google releases monthly security patches for Android. Applying available updates is how you make sure the most recent security patch is installed. The one caveat to this is that not every device manufacturer releases those updates in a timely fashion. The only way to ensure you have a device that gets the security patches and other Android updates as soon as they are released is by using an official device from Google. In other words, the Pixel phone.
By following these simple rules, your Android experience should be free from malicious software. Does it guarantee you’ll never wind up with malware? No. No device that is connected to a network is ever 100% secure. But every step you can take to prevent malware from finding its way onto your smartphone or tablet will go a long way to protecting you, your device, and your data.