Apps be careful

Keeping infected apps off your Android requires common sense more than anything

Android Central University — SecurityIt's not exactly a secret that Android's pretty open, and that it's possible for bad people to do bad things with apps. That's possible with any computer system, of course. And like any other computer system, Android has checks and balances that help keep you safe. Most of them are done without you having to lift a finger. There are gates that have to be opened for malware to get through, and chances are the bad guys are hoping you'll hand them the key in the first place.

There are basic steps you can take to help make sure that doesn't happen.

We'll walk you through five easy ways for keeping virus- and malware-laden apps off of your Android.

1. If you don't know what it is, don't install it

This app is totally safe

Treat your apps like you treat your food. Well, like you should treat your food. If you don't know what it is or where it came from, you might want to think twice about installing it.

It's not all that unusual to get e-mail with links to an app — but we'd advise against blindly installing full apk files (that's the file type for Android applications) you receive in email, or maybe are linked to in spammy text messages. Or even that you find in various forums around the Internet. You simply have no way of knowing what's in there without some serious hackery.

That leads us to the next point ...

2. Only install from Google Play or other reputable app stores

App stores

Where would you rather buy your meat? From a tent on the side of the road? Or from the refrigerated case at the well-known grocery store? You've got a far smaller chance at getting food poisoning at one of those places.

Where else do we recommend? The Amazon Appstore, for one. There's a good bit of duplication between it and Google Play, but you should also be able to download in safety and comfort. Well, in safety, anyway. And Amazon's always running deals on apps.

What would we avoid? Random download locations on the Internet. App stores that seem too good to be true. Anything that promises scores of paid apps for free (and not in a "deal of the day" sort of situation, ya know?).

3. Protect ya neck: Uncheck "Install from unknown sources"

Unknown sources

So, yes. There's some scary stuff out there. The good news is that, by default, there's a pretty simple mechanism in place that keeps you protected.

By default, every Android phone that has access to Google Play ships with a lock that keeps applications from outside Google's store from installing themselves. It's a safety feature, is all, and not about stifling competition. With that lock in place, you'll get a warning should an application try to install itself from outside Google Play — whether you initiated it, or not.

Should you need to, disabling that lock is just a matter of ticking the "Unknown sources" box in your security settings. And you'll need to do it if you want to, say, install the Amazon Appstore.

4. Read the permissions

Permissions

This part's hard. We have to force ourselves to do it, too. But any time you install any app on your Android phone — whether it's from Google Play or anywhere else — the app will declare permissions. That is, it's telling you what it has access to do on your phone. Maybe that's having access to the camera. Or to the Internet. Or maybe it has access to record your keystrokes. Or to know your precise location. Or access to your contacts. Or to send and receive email.

Some of those sound more scary than others. But they all have functions. Keyboard apps need to record your keystrokes. Anything that uses GPS will know where you are. If an app can send email or place phone calls for you, it'll need access to your contacts.

Google still needs to do a better job explaining in plain English what permissions do, and why an app might need them. Good app developers will list the reasons in their app listings. (There's another reason to make sure you're using good app stores.) But you as an end user can also be vigilant. The classic case is an app that lets you download and change your wallpaper on a regular basis. Does it need access to the Internet? Sure. Does it need access to your camera? Maybe, if it lets you set a wallpaper by taking a picture of something. Does it need to be able to record your keystrokes? Probably not.

If you need help, ask around in our Android Forums, or check out this post for a primer on permissions.

5. Yes, you can use a virus scanner if you want

Antivirus

We get asked this all the time: "Should I use an antivirus app on my phone? Do you use one?"

Some of us here do. Some of us don't. Do you need to? Probably not. Google scans everything that goes through Google Play. It has the ability to check apps that you've sideloaded to your phone. That's not 100 percent foolproof, of course. There have been a few instances of fake antivirus apps being purchased off Google Play. (We'd stress that that's the exception and not the norm.) And there have been plenty of times that antivirus apps cause false positives.

If you're really that worried, then by all means, use an antivirus app. We'd recommend sticking with one of the big names out there. And we'd recommend finding one that has a bunch of extra features, like the ability to locate and wipe your phone if you lose it. (Though that's another feature that Google does for free, too.)


See, it's really not all that hard to avoid malware and viruses on your Android device — never mind what all the fear-mongers say.

One last tip: If you have questions about any of this ... ask for help! We've got forums full of fine helpers or Google+ and ask us a question.

 

Reader comments

Five tips for avoiding viruses and malware on your Android

38 Comments

I was hoping for a single bullet point: only install from trusted sources.

I don't think the average user should be concerned about malware, Google has put safeguards in place.

Posted via Android Central App

Yes, and at the same time, if every 5 year old knows this that's great. What about the 50 year old or the 80 year old people? If everyone knew this, it would literally be common sense and these stories wouldn't exist.

Plus I wouldn't get calls from my grandma asking why something doesn't work all the time.

If posting this puts someone's mind at ease and keeps you or I from getting that dreaded "why doesn't my device work?" phone call, wouldn't you say this is helpful?

Exactly. And as I said long ago, that's the point of ACU. We're going to dive into everything. Some might be basic. Some won't be.

There's no reason we can't write for all kinds of folks. :)

I'm sure you could....so why not try it for once, instead of just the people who don't know there are web browsers other than internet explorer out there? I haven't seen any advice columns for power users....only people who have no business using unknown sources and couldn't tell you what adb means.

As a power user, do you really NEED ACU to tell you how to protect your phone? If so.... you are not a power user.

Is Grandma hanging out on AndroidCentral though? Articles like this are preaching to the choir. CNN is a better place.

Most teens don't get this. Many of them download pirated apps to save $1.99 without thinking of the consequences.

Posted via Android Central App

So do I....know how many times I've had malware on an android device? 0. Not one. This is so uncommon I'd be apt to even say it's a myth!!

Shame on you. You should never pirate apps. Developers work hard. What if you were a developer and people pirated your app? How would you feel?

This.

If an app is good, I will buy it.

Some people just download the .apk just as a 'trial' version to see if they like it. If they like it, then they'll purchase it off the Play Store. Sadly, most people in this world are too selfish for that to happen.

Same thing goes for torrents.

In fact, the only reason why some torrented stuff remains on my PC is because I'm either too lazy to get rid of them (Very bad attitude. Shame on me.) or I am unable to find the original version of that software anywhere, whether it's a store or Amazon.

Oh yeah cause software pirates make murderers, people who rob actual physical products/money, rapists, child molesters, etc. seem like model citizens.

(End of sarcasm)
Posted via Android Central App

Only when you spend hundred or thousand of hours developing and coding your app then you realize how it feel. Imagine going to work for a week or month and not get paid.

via android central app

I install apks that are downloaded from XDA all of the time. I always make sure it's from a reputable Dev first. Installing from unknown sources is the only way to even get the amazon app store on a non kindle device anyway. It's not hard to avoid viruses if you have even a grain of intelligence.

Posted via Android Central App

The Google play store isn't available everywhere Android phones are available, which could explain why people download from other sources in the first place.

Posted via Android Central App

Great post... yes everyone who visits this website on a regular basis knows this.. but a lot of people don't... Being a IT pro who often works on employees cell phones .. the general public thinks androids can just get viruses.

Good list/advice for noobs. There are way too many scare tactics used in mainstream media that make many think they must have anti-malware software (even for PC's). They prey on people's ignorance. In the end, such software only gives a false sense of security.

There are a bunch of free Apps on Google Play and Amazon Android Market. But, I find that when I really like an app, and/or do not want ads, I pay for it. Knock on wood, from my HTC EVO 4G to my Galaxy S4, I have yet to get a virus or malware installed on any devices.

Do virus scanners really even work? I think they only cross reference a database for "names only" of reported apps. I don't believe they thoroughly dissect an app looking for suspicious code.

Posted via Android Central App

I'm at a loss for words on this subject..
For Conservatives.. Sure.. why not.
But.. Rooted Users really have to have the "Unknown Sources" check box checked.
Because on the open market.. it's where all the really cool apps are.. You just have to know where to look.. :-)

I recommend unchecking unknown sources, some malware program auto install themselves without your permission that way.
Also I support the developers so I don't warez.
via android central app

This is all great but occasionally some nasty malware sneaks into the google play store and masquerades as some a game, ringtone app or a wallpaper app. of course, it's usually easy to spot for veteran Android or smartphone users. However, how do you tell your gadget and/or technology un-savvy family members in a way that they could easily understand?

Thanks Phil for the basics...I think this is an EXCELLENT post for people who are new to ANDROID whether they are young or old, or not cell phone tech-savvy. Don't let the "pseudo-wannabe ANDROID tech geniuses" with their smart-ass patronizing remarks dissuade you guys from writing these important, informative, and very useful articles. Keep up the GREAT WORK!

I let my phone download from 'untrusted sources' because of amazon's appstore and humblebundle's donation for games app. But i also have NOD32 running on my phone and it's a very well trusted anti-virus program. Also, I wouldn't use anything but those 3 sources to get apps since they are widely trusted, and even then stay away from some shady looking ones on there.

The article blows off antivirus as an optional thing and it really shouldn't. It'll keep more than just bad apps off your phone, it'll keep bad people out of there too. JUST LIKE YOUR COMPUTER. Even free ones are better than nothing, I just happened to have it come with my purchase of NOD32 for my PC.

If your phone supports NFC than turn it off if you've never used it or use AV if you do. That should have been #6.