It seems like you can’t go a week
without one security firm or another producing a statistic illustrating just
how much Android malware there is in the wilds of the internet. More often than
not, these reports come with a few reminders that the company’s own security
suite can protect you from these nasty bits of code, which is true some of the
time. However, Android is by its very nature more secure than a desktop
computer, so maybe you don’t need these security apps. You’ve probably already
got what you need.
The
scare tactics
The most recent Android malware
report comes from Check Point, which says nearly one billion android devices
have critical vulnerabilities in the underlying Linux kernel. Shocking and
upsetting, right? It’s a legitimate security issue, but the reporting is, as
usual, overly breathless and dramatic. The PR certainly makes it seem
like your phone is ripe for infection, but the real situation is much more
nuanced.
these vulnerabilities are already
patched in the Android Open Source Project (AOSP), and the others will be soon.
As OEMs build new updates, they’ll include updated patch levels, which you can
see in your software info.
We’ve all been programmed by PC
malware, which can sneak onto your system simply because you visited the wrong
website with a vulnerable browser. These “drive-by downloads” aren’t feasible
on Android without a pre-existing infection. On Android, you have to physically
tap on a notification to install an APK downloaded from a source outside the
Play Store. Even then there are security settings that need to be manually
bypassed.
What if a QuadRooter app were to
make it into the Play Store before then? Google’s platform has the ability to
scan for known malware when it’s uploaded. There’s also a human review
process in place for anything that looks even a little bit questionable. Google
just started doing this a few months ago, mainly as a way to keep copycat apps
and obvious scams from slipping through the cracks.
The solution pushed by AV companies
is to install a security suite that manually scans every app, monitors your Web
traffic, and so on. These apps tend to be a drain on resources and are
generally annoying with plentiful notifications and pop ups. You probably don’t
need to install Lookout, AVG, Symantec/Norton, or any of the other AV apps on
Android. Instead, there are some completely reasonable steps you can take that
won’t drag down your phone. For example, your phone already has
antivirus protection built-in.
What
you should do to stay safe
Your first line of defense is to simply not mess
around with Android’s default security Settings. To get Google
certification, each and every phone and tablet comes with “Unknown sources”
disabled in the security settings. If you want to sideload an APK downloaded
from outside Google Play, all you need to do is check that box. Leaving this
disabled keeps you safe from virtually all
Android malware, because there’s almost none of it in the Play Store.
There are legitimate reasons to allow unknown sources, though. For example,
There are legitimate reasons to allow unknown sources, though. For example,
Amazon’s
Appstore client sideloads the apps and games you buy, and many reputable sites
re-host official app updates that are rolling out in stages so you don’t have
to wait your turn. If you do take advantage of this feature, the first time you
do so a box will pop up asking you to allow Google to scan for malicious
activity. This is known as Verify Apps and it’s part of Google Play Services on
virtually all official Android phones. Google has confirmed that QuadRooter is
detected and disabled by Verify Apps. So, even if your device is lagging on
security updates, you shouldn’t have to worry.
Users have been rooting their Android phones ever
since the first handsets hit the market, but it’s less common these days. The
platform offers many of the features people used to root in order to acquire.
Using rooted Android is basically like running a computer in administrator
mode. While it’s possible to run a rooted phone safely, it’s definitely a
security risk. Some exploits and malware needs root access to function, and
otherwise it’s harmless even if you do somehow install it. If you don’t have a
good reason to root your phone or tablet, just don’t open yourself up to that
possibility.
Android apps also exist that might
not be “malware” per se, but you might not want them on your phone because they
snoop through your data. Most people don’t read the permissions for the apps
they install, but the Play Store does make all that information available. As
of Android 6.0, apps need to request access to sensitive permissions like
access to your contacts, local storage, microphone, camera, and location
tracking. If an app has reason to access these modules (like a social
networking app), you’re probably fine. If, however, a flashlight app is asking
for your contact list, you might want to think again. The system settings
include the tools to manually revoke permissions for any app.
It really just takes a tiny bit of common sense to avoid Android malware. If you do nothing else, keeping your downloads limited to the Play Store and other 100% trustworthy sources will keep you safe from almost all threats out there. The antivirus apps are at best redundant and at worst a detriment to your system performance.
It really just takes a tiny bit of common sense to avoid Android malware. If you do nothing else, keeping your downloads limited to the Play Store and other 100% trustworthy sources will keep you safe from almost all threats out there. The antivirus apps are at best redundant and at worst a detriment to your system performance.
0 comments:
Post a Comment