Apps be careful

Keeping infected apps off your Android requires common sense more than anything

Android Central University — SecurityIt's not exactly a secret that Android's pretty open, and that it's possible for bad people to do bad things with apps. That's possible with any computer system, of course. And like any other computer system, Android has checks and balances that help keep you safe. Most of them are done without you having to lift a finger. There are gates that have to be opened for malware to get through, and chances are the bad guys are hoping you'll hand them the key in the first place.

There are basic steps you can take to help make sure that doesn't happen.

We'll walk you through five easy ways for keeping virus- and malware-laden apps off of your Android.

1. If you don't know what it is, don't install it

This app is totally safe

Treat your apps like you treat your food. Well, like you should treat your food. If you don't know what it is or where it came from, you might want to think twice about installing it.

It's not all that unusual to get e-mail with links to an app — but we'd advise against blindly installing full apk files (that's the file type for Android applications) you receive in email, or maybe are linked to in spammy text messages. Or even that you find in various forums around the Internet. You simply have no way of knowing what's in there without some serious hackery.

That leads us to the next point ...

2. Only install from Google Play or other reputable app stores

App stores

Where would you rather buy your meat? From a tent on the side of the road? Or from the refrigerated case at the well-known grocery store? You've got a far smaller chance at getting food poisoning at one of those places.

Where else do we recommend? The Amazon Appstore, for one. There's a good bit of duplication between it and Google Play, but you should also be able to download in safety and comfort. Well, in safety, anyway. And Amazon's always running deals on apps.

What would we avoid? Random download locations on the Internet. App stores that seem too good to be true. Anything that promises scores of paid apps for free (and not in a "deal of the day" sort of situation, ya know?).

3. Protect ya neck: Uncheck "Install from unknown sources"

Unknown sources

So, yes. There's some scary stuff out there. The good news is that, by default, there's a pretty simple mechanism in place that keeps you protected.

By default, every Android phone that has access to Google Play ships with a lock that keeps applications from outside Google's store from installing themselves. It's a safety feature, is all, and not about stifling competition. With that lock in place, you'll get a warning should an application try to install itself from outside Google Play — whether you initiated it, or not.

Should you need to, disabling that lock is just a matter of ticking the "Unknown sources" box in your security settings. And you'll need to do it if you want to, say, install the Amazon Appstore.

4. Read the permissions


This part's hard. We have to force ourselves to do it, too. But any time you install any app on your Android phone — whether it's from Google Play or anywhere else — the app will declare permissions. That is, it's telling you what it has access to do on your phone. Maybe that's having access to the camera. Or to the Internet. Or maybe it has access to record your keystrokes. Or to know your precise location. Or access to your contacts. Or to send and receive email.

Some of those sound more scary than others. But they all have functions. Keyboard apps need to record your keystrokes. Anything that uses GPS will know where you are. If an app can send email or place phone calls for you, it'll need access to your contacts.

Google still needs to do a better job explaining in plain English what permissions do, and why an app might need them. Good app developers will list the reasons in their app listings. (There's another reason to make sure you're using good app stores.) But you as an end user can also be vigilant. The classic case is an app that lets you download and change your wallpaper on a regular basis. Does it need access to the Internet? Sure. Does it need access to your camera? Maybe, if it lets you set a wallpaper by taking a picture of something. Does it need to be able to record your keystrokes? Probably not.

If you need help, ask around in our Android Forums, or check out this post for a primer on permissions.

5. Yes, you can use a virus scanner if you want


We get asked this all the time: "Should I use an antivirus app on my phone? Do you use one?"

Some of us here do. Some of us don't. Do you need to? Probably not. Google scans everything that goes through Google Play. It has the ability to check apps that you've sideloaded to your phone. That's not 100 percent foolproof, of course. There have been a few instances of fake antivirus apps being purchased off Google Play. (We'd stress that that's the exception and not the norm.) And there have been plenty of times that antivirus apps cause false positives.

If you're really that worried, then by all means, use an antivirus app. We'd recommend sticking with one of the big names out there. And we'd recommend finding one that has a bunch of extra features, like the ability to locate and wipe your phone if you lose it. (Though that's another feature that Google does for free, too.)

See, it's really not all that hard to avoid malware and viruses on your Android device — never mind what all the fear-mongers say.

One last tip: If you have questions about any of this ... ask for help! We've got forums full of fine helpers or Google+ and ask us a question.