Recent press attention has focussed on malicious applications on the Android platform. In this guide, we outline how you can make sure your phone doesn’t become infected.
- 1 Which phones does this guide refer to?
- 2 Is it safe to download Android applications?
- 3 How do I tell which Android applications are safe to install?
- 4 Is it safe to download applications from outside the Android Market?
- 5 How do I ensure my applications are up-to-date?
- 6 How do I upgrade to the latest version of Android on my phone?
- 7 Are there any anti-virus applications available for Android?
- 8 How does the security of Android Market compare to the iPhone App Store?
Which phones does this guide refer to?
This guide refers to all mobile devices running the Android operating system by Google. This includes many (but not all) of the devices manufactured by HTC (Desire and Wildfire families), Samsung (Galaxy family), LG (Optimus family), Motorola and Sony Ericsson. This guide also applies to tablet devices running Android – tablet devices such as the Samsung Galaxy Tab and Dell Streak run the Android operating system.
Is it safe to download Android applications?
Generally downloading Android applications from trusted sources such as Android Market is safe providing you take the right precautions. Android applications are all “sandboxed” – this means they can’t access personal data such as your text messages or phonebook or connect to the internet without asking for your permission first.
There has recently been some press coverage about 50 applications in the Android Market which were found to contain viruses. The malicious applications were repackaged versions of existing Android applications with the addition of some extra virus code. These viruses took advantage of a security vulnerability in Android versions 2.2 and earlier (technical info here) to “escalate” their permissions beyond what the user had agreed. The security vulnerability is fixed in Android 2.3 but unfortunately the vast majority of users are still running Android 2.2 or earlier.
How do I tell which Android applications are safe to install?
Generally most Android applications from the Android Market should be safe to use and install. There are several key precautions you should take though:
- Read the “permissions requested” dialog carefully (see right). Think about whether the permissions requested are required for the functioning of that application: for example a wallpaper application shouldn’t be requesting permissions to access your phone book or browser history.
- Check the number of downloads the application has previously had. Applications which have been downloaded a large number of times (>250,000) are better: because so many other people have downloaded them the application should have undergone a fair bit of scrutiny. You should definitely stay clear of applications with under 10,000 downloads.
- Check the rating of the application. Anything below 4 stars might indicate that the application doesn’t work correctly.
- Check the comments which other people are writing about the application. You’ll usually be able to get a good idea of whether the application works correctly or not.
- If possible, only download applications through the official Android “Market” application on your phone. Downloading applications from outside the Market is more risky.
You should take the same precautions when downloading Android applications as you would with applications from your PC: stick to popular applications from trusted and well-known developers whenever possible.
Is it safe to download applications from outside the Android Market?
There are other application stores available on Android besides from the Android Market. Sometimes phone manufacturers and mobile networks will add their own (e.g. Samsung adds “Samsung Apps”, Vodafone adds 360). Generally applications from these app stores should be safe as they will have undergone some kind of review process.
Beware of applications that you find directly on the internet as .apk files. These will not have undergone any kind of review process and could contain malicious code. By default, Android does not allow you to install applications from these “unknown sources”. To make sure you don’t accidently install applications from these “unknown sources”, go to “Settings > Applications” and ensure that “Unknown sources” is unticked.
How do I ensure my applications are up-to-date?
It is worthwhile ensuring that all of your applications are up-to-date and that you’re running the latest versions. You can do this through the Android Market application. In the “Market” application, go to “My apps” and your installed applications will be listed. Any relevant updates will be listed: you can manually update each application or press “Update all” to update all of your applications.
How do I upgrade to the latest version of Android on my phone?
For the greatest security, you should ensure you are running the latest version of Android which is available for your phone. This will ensure that you have all the latest patches and bug fixes. Consult your phone’s manual as to how you can do this: for example HTC phones support an “over-the-air” (OTA) update through the “Settings” menu whereas Samsung phones can only be updated through the desktop software (Samsung Kies). The exact update mechanism varies between phones and manufacturers.
Are there any anti-virus applications available for Android?
Yes – although it is still a matter of debate as to whether it’s necessary to use one (we don’t).
The two best-known anti-virus applications for Android are Lookout Mobile Security and Norton Mobile Security. Both applications are free to download and will detect & remove malicious applications running on your phone. Both applications also contain handy features in case you ever lose your phone: the applications will allow you to locate your phone or wipe personal data from the device remotely.
How does the security of Android Market compare to the iPhone App Store?
Generally Apple are more stringent with the applications that they allow into the iPhone “App Store”. Apple employ human reviewers to check applications which are submitted to “App Store”. Meanwhile, Google takes a more open and community-led approach with the Android Market by placing fewer restrictions on the applications allowed in the Market and using user feedback & ratings to determine the quality of applications.
Whilst the use of trained human reviewers might in theory make the iPhone “App Store” more secure than relying on the “wisdom of crowds” of Android Market, this is probably not true in reality. Malicious applications have been detected in both the “App Store” and Android Market. Regardless of which platform and operating system your phone runs, it’s important to be aware about security and to be sensible about which applications you choose to install.