Monday 11 July 2011

Another Android Trojan, again!

http://threatpost.com/en_us/blogs/new-sms-trojan-targeting-android-users-071111

Android, I love it. It is my mobile platform of choice, and I have even converted the wife!
I have followed it from the beginning, and now it is taking off in a big way. Samsung, HTC, Motorola and Asus have all jumped on board, mobile phones, tablets, even photo frames, it really is everywhere. People may be using mobiles and not realise they are running Android, is that a sign of success? I think so, but I digress.
Unfortunately, the price of success today is increased focus from the bad guys. Look at Apple, for years Mac owners believed they didn't need antivirus as there wasn't any malware designed to target Macs. Now, this may have been true, but this was down to Apple having a tiny PC market share compared to Microsoft, so the bad guys targeted Microsoft. A bigger return on investment. Now Macs are more popular we are seeing more and more malware aimed Apples way. As shown in the following BBC article:

http://www.bbc.co.uk/news/technology-13453497

And Android is seeing the same, the fact it is open source and the Android Market rules are a lot more lenient than Apple's AppStore just compounds the problem. However, with a little research the risks can be reduced significantly. Here's a few pointers:

1. Before installing any app, Android informs you what permissions the app is asking for. These permissions are essentially what controls what the app can do. Ask yourself why the app needs to do this? Why would a wallpaper app need to SMS people? An excellent article on Android Central lists some of the scarier permissions and what they mean. Check it out, it could save you in future

http://www.androidcentral.com/look-application-permissions?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+androidcentral+%28Android+Central%29

2. Read the reviews! Unless you are like me (must have new toys now!), then wait a while and let the braver "testers" install the app and review it. Let the others take the risks (unless you are one of those risk takers, but then that's a whole new ball game).

3. Only install apps from trusted sources. Well, trusted is a bit of a loose term, as malicious apps have appeared in Google's official Android Marketplace, but Google are pretty swift to mop them up once alerted. But for the purpose of this post we'll call them trusted. So, try and stick to the Android Marketplace, Amazons app store (for the US readers), GetJar etc. Although the lines are going to become blurred even further with more  app stores on the horizon (Samsug and HTC are both looking to get in on the game).

4. Most of all, use some common sense. If it doesn't feel right, for whatever reason don't install it. This applies to all mobile platforms, not just Android.

Don't get me wrong, i love Android, and I wouldn't swap for another mobile platform. But everyone should apply the same thinking they do with their PCs. Downloading practices have been forced down everyone's throats for years now, carry them over to your mobile devices.

No comments:

Post a Comment