Android security

Twinmomma416 asks in the Android Central forums,

My contract with AT&T is up, and we are switching providers due to limited tower availability near our home. We will be switching to Sprint which does surprisingly well where we are at.

I was a BlackBerry power user who switched to iPhone two years ago. I loved it. Ease of use, all the apps, etc. ... Disappointed in the lack of customization but happy with the security of the phone and trusting the apps.

Fast forward to now and I'm rather let down by the iPhone 5 release. I was hoping for much more - bigger screen, more iOS features/customizability. I'm a big fan of Apple computers mostly because I don't have to worry about viruses and my wife downloading stuff since she is NOT a techie at all. Played with my friend's HTC Evo 4G and fell in love.

Here's my problem. I don't like what I'm reading about the susceptibility Android's platform has for keyloggers and spyware. I deal with a lot of confidential information (I work in government HR) and I cannot risk someone putting something on my phone either through an app, an email, a text, whatever, that could compromise that. I've searched for anti-keyloggers/anti spyware but I'm not finding anything that really puts my mind at ease.

I'm not interested in rooting a device, but I am interested in making sure I don't worry about these things daily. I want to go Android, but Apple's security leaves me feeling more at ease.

Thoughts from the experts here?

I should add I'm also considering the Galaxy S3

Android and app security. The two seem to get mentioned together anytime you read a title somewhere. They are a combination of terms that brings web traffic, and it's always easy to drive fans from both side into a tizzy. Let's cut the hyperbole and talk "real" for a minute or two, after the break.

(Have a question you need answered? (Preferably about Android, but we're flexible.) Hit up our Contact Page to get in touch!)

Yes, there is malware that can affect Android phones. There's also malware that affects iPhones, BlackBerries, Windows Phones, your Mac, and even Unix-based industrial machines that control things like dams and nuclear power plants. If you can write and install software on it, there's malware for it. People sticking their head in the sand and saying otherwise are doing a huge disservice to the folks listening to them. 

There are two issues at play -- one is the definition of malware, the other is the ease of installing it. We'll tackle the definition first. 

Programs that track you and display ads, after telling you they will track you and display ads, are not malware.

Yes, having your browsing habits sent to some server in the Ukraine sucks, but if you knew ahead of time and installed it anyway, it's not malware. It's just easy to call it as such because it's a hot topic and we're pissed off when we see it in action. Most times you'll see this done by folks who have a genuine interest in furthering the idea that Android is rampant with malware. Scaring people has been a lucrative business since the Middle ages. I'll let you in on an industry secret -- all of us who write words on the Internet are just regular people, and that means that some of us will do or say things to get a reaction. We know how to manipulate the group thinking process, because we're exposed to it daily. Always think critically about anything you read or hear. 

The other issue is that legitimate malware is super easy to install on Android. A simple tap will allow you to install applications from any source, with no jailbreaking or developer accounts needed. The vast majority of malicious applications come from third-party sites who offer applications that have been injected with other code. Sometimes the lure of getting pirated apps for free is too strong for some folks to resist, other times it's because an application isn't available through official channels, but there are a lot of folks sideloading apps to their Android devices. These apps haven't been scanned by Google's Bouncer process that scans every application for malicious code. 

So what do we do about it? First off, always read application permissions before you install an app. If you don't, there is only one person to blame when things go bad. I can write an app that steals your address book and posts it to Twitter, but I have to tell you I'm going to be digging in your address book and accessing your other accounts to deliver it. Be critical, and anything you don't understand when installing an app is something you need to be asking about. That's the whole reason Google presents us with the app permissions in the first place. 

Next, be mindful of where you get your apps. If you're not computer-savvy, only install apps from Google Play. The few times "malware" has been spotted in the Play store is has been quickly removed and addressed, just like it's done in Apple's appstore. Chances are you'll never see it, let alone download it. If you do use other sources to sideload apps, read the previous paragraph again. Then read it twice.

It's foolish to think that there isn't a need for diligence on any computing platform. A quick Google search will show you how claims of a platform being "malware-free" have been debunked time and time again. Use the tools Google gives us, and a bit of old fashioned common sense, and you'll be just fine.

 
There are 18 comments

Anon_Emus says:

Well said and thanks!

oldescript says:

Nicely said and needs to be reposted periodically...the lack of short term memory seems to be a growing problem...you're a good man @gbhil

JobiWan144 says:

+1 for reposting this article every so often. This article should be featured every least linked every time there's a security scare on Android. It would probably make a bigger impression if it were reported and featured at the top of the home page in such situations. Jerry, you continue to form it articles that say what so many people need to hear. Keep up the good work, sir.

i would agree but the guy writing the letter was begging to be told not to worry about buying android and here is why. that is not what he got. if i were the one that wrote the letter, this article very well might have scared me away. its too complex and raises more questions than what was answered. no doubt due to jerry not knowing what it is like to be 'scared' to take the leap into android after everything that is said by the ignorant masses. and understandably so.

dyoung238 says:

I enjoyed every word of this! I even stood up at my desk and vocally exclaimed how well stated this article is. Excellent work Jerry!

abtxpress says:

When your installing a hacked app and click that box that says you could be harming your privacy is on you, not android. If an app cost 5 bucks and you can find it for free, then cudos to you, and your free hacked version comes pre-installed with malicious code, then you get what you deserve.
Why does everyone want to blame android for their actions. You never hear someone say Microsoft is bad because they downloaded a pirated game... but if they do on android it googles fault? Come on people, don't be idiots. Free can come with a price, accept your own faults and stop blaming others for your mistakes.

crxssi says:

Great post Jerry.

People need to use common sense. There is a reason that ALL Android phones have "Install from untrusted sources" turned OFF by default.

Rob White says:

This should be like a sticky on the front page of the site. Maybe a yellow exclamation point with a category all its own. Call it something like 'Scared S...less' or something that stands out like the NSFW section. The more tiring issue is having to try & explain this to people when we could just say go read this ____________ @ Android Central right there on the front page.

Just a thought that hopefully you've considered at some point. The easier it is to define & debunk these myths the better for us all.

A nicely written piece as always Jerry.

so yah... there is no reason to install anti-virus apps and such on your android phone. you can easily see in the app store how many times it has been downloaded and how many reviews it has etc. as long as you stick with common sense, you will be fine.

you talk like a grown up. so i can only assume you will not be downloading each and every free game you find in the play store. for me... this is how i always get irritated at android. i will be sitting in the airport and bored with the one or two games that i keep and will download a slew of apps before i get on the plane. some of these will end up putting me on a text list. where i will get offers. once i uninstall the games... the texts stop. in eleven months.. i have probably received a dozen or two of these texts. so its no biggy.

now you need to know and understand what the permissions are saying. anytime you want to install an app. it will take you to the permissions page. scroll to bottom of permissions and see if it has full web access. if it does. then you need to look at what all it can access. as in can it connect online and have access to your pics contacts etc. if the app isnt something that normally would need this info... then dont download it. there is almost always a version of something that doesnt need web access when it comes to things like calculators, alarm clocks, flashlight, etc.

something else to take note of... the apps that require web access is normally only there to give you ads. the good apps will plainly state in the description why it wants web access. i have found that you can pretty much trust what they say.

as someone who is careful with what ends up on his phone, puts on a different rom monthly, and sporadically downloads apps that i know is not good.... i have never had a security issue with my phone. but...that isnt to say that someone cant get a hold of your phone and in five minutes have something malicious on there. <--iphone or android.

DWR_31 says:

Just use Lookout and read permissions!

commander 4 says:

Exactly!!!I use Lookout and have no issues with security

Mihavit says:

i agree there is something wrong with ppl when it comes to using android. u should be gladthat android tells u what the app will have access of. iphone doesnt have this feature at all and we should thank google for being smart and informing customers what they are about to download. this article is well put together. thank u for clearing up any confusion.

jontalk says:

Interesting topic since just today I was at the ATT store to ask why my new GS3 wasn't receiving the OTA updates. As a big supporter of Avast which I run on both my desktop and laptop, I installed it on my phone for just this reason. Then one of the ATT reps said that there's a good chance that Avast is blocking the OTA updates, even though all my apps update without any problems. So I guess I'm curious to know whether his statement has any merit. I like having Avast on my phone, but removed it just to see if he's right. Thanks.

there is no reason to use avast on your phone. maybe your kids phone... but anyone that is half way responsible doesnt need it. all it does is use resources and slow your phone down.

PGiovanni says:

Side loading apps, holds the same dangers as a jailbroken iPhone... As long as you get legitimate apps from Google you'll be fine.... I also use lookout which scans the app prior to installation, and I never got any red flags...

SamTime says:

She can't be that smart if she honestly thinks her Mac isn't susceptible to malware and hackery. Security experts are always saying how bad Safari is in terms of security. Remember when the MBP was hackable to where someone could remotely gain access to it and essentially combust the battery? Also, if you can jailbreak an iPhone by going to a website on mobile safari, your ish isn't secure.

Did she forget how Apple just handed over that journalist's info?

Losingit says:

Well said.

Koko Roko says:

I recently found a useful app in Amazon that not required any unnecessary permissions and store all your passwords - MyPasswords
http://www.amazon.com/gp/product/B00KPSK43K/ref=s9_simh_gw_p405_d0_i1?pf...