To secure or not to secure
Jul 14 2014
Contrast this with F-Secure Labs’ Mobile Threat Report for Q1 of 2014, which says that 99 per cent of new threats targeted the Android platform. Security experts Sophos, in their Security Threat Report 2014, stated that Android malware was “mutating and getting smarter”. They also pointed out the appearance of ransomware on Android since June 2013, and predicted that, “Cybercriminals will continue to explore new avenues for Android malware monetisation.” Between 2012 and 2013, the number of Android malware threats rose from 238 to 804; for iOS, Blackberry and Windows Phone, the corresponding number was… zero (from Forbes.com).
Makes you want to run to install an antivirus on your device? No harm per se, but one needs to be aware that statistics can mislead. Fact: Android users constitute over 85 per cent of the market. Fact: Android malware comprises about 97 per cent of the mobile malware share. What is also true is that if you stick to getting your apps from the official Google Play Store, your risk of getting bitten is just 0.1 per cent, says F-Secure figures for 2013, that is one out of every 1,000 apps. And that too, the risk is limited, because rogue apps tend to get flushed out of the Play Store sooner rather than later. In other words, giving the Android platform a bad name are the various shady third-party app stores. The worst offender is one known as Android159, which reportedly has a third of its apps infected!
If you’re heaving a sigh of relief about now, it’s time to let some air out of the bubble. Yes, Google Play Store is more or less safe, but that does not mean rogue apps do not pop up — they may not be viruses, but they may be spyware and adware (refer to our story on FIFA-related scams last month), and put your personal data at risk. In fact, there have been fake antivirus products, as well as fake Blackberry Messenger on the Play Store.
That the Play Store is not a safe haven was also suggested by a paper written by BitDefender researchers, who found that it (also the App Store) have a disquieting number of dubious apps — those that authenticate over unsecured connections or steal your personal data. Then there are apps requiring excessive permissions to snoop on your phone habits, as well as repackaged apps that are spyware. They put a lot of this down to careless coding and inexperienced app developers on the Play Store.
To murky the waters further, there is the fragmentation of the Android market. Like any software, Android too is better and more secure with each new version. As Google — and any tech pundit — will repeatedly tell you, stay updated to stay safe.
However, that is easier said than done, with users being at the mercy of handset manufacturers for Android updates. The last update my two-year-old mid-range Sony Ericsson handset received officially was Ice-Cream Sandwich. That leaves my phone without the Verify Apps feature that was introduced in JellyBean that prevents harmful apps from being installed on your device (albeit works with Play Store apps only).
Thus, the long and short of it is, stick to the Google Play Store (or other reputed app stores), watch those app permissions, and — to be on the safe side — keep an antivirus app as a back up.
(The author is a personal tech writer)