The popularity of Android and iOS has put a target on their virtual backs. These operating systems are a new frontier for those who use malware to achieve nefarious goals. Many users don’t take security seriously and will happily download dangerous apps they’ve never dream of downloading to their PC.
App stores have hindered as much as they’ve helped. While they provide some policing, and remove known malware, they also lend a facade of credibility to everything they sell. Users assume apps have gone through rigorous testing, but that’s not true. You have to watch out for yourself – so here are warning signs to look for when grabbing a new app.
Let’s start simple. Read the reviews!
This may seem like an easy, no-brainer tip – and it is. But in my experience, the easiest and most obvious tips are always the most obvious. Everyone knows they should use two-factor authentication on Gmail and Facebook, for example, yet users constantly have their accounts hi-jacked.
When I say “read the reviews” I don’t mean look at the final score. I mean, read the reviews. Look what users are saying. If an app is working well enough, but many some users are concerned about the permissions it asks for, that may trigger you to do more research. Other apps will have far more obvious signs of trouble, such as users stating their phone’s data or text messaging use mysteriously shot up after downloading a specific app. Such behavior is a huge red flag that you’ve downloaded a dangerous apps.
Read The App Description
After you’ve read an app’s review you should also read the app’s description. What you’re paying attention to is not the app’s features, however. You’re instead looking for signs of professionalism – or lack thereof.
Malicious apps, like PC malware, phishing attacks and many scams, are not known for their marketing wit or accurate grammar. Most are obviously fake upon closer inspection. Sentences will end in fragments, words will be used incorrectly or misspelled, and even the name of the app may contain errors.
The lack of rigor may seem weird, because it makes malware easier to spot, but the lack of effort also makes malicious apps easier to re-submit or post in large quantities. Malware usually isn’t designed to lure a specific target – it’s simply meant to spread as far and wide as possible.
Legitimate apps sometimes contain spelling errors, as well, but there’s a big difference between using “then” instead of “than” and an app with a nearly unreadable description.
Check The Developer
If you’re suspicious about an app’s authenticity you can attempt to verify it by looking at the developer. Both Google Play and the Apple App Store list the developer of an app near the app’s name, and you can click (or tap) on it to bring up other apps that the developer has worked on.
Look for the popular game The Sims on the Google Play store, for example, and you’ll see many results. Two of these are from Electronic Arts, the publisher of the game, and you can verify their authenticity by clicking on the developer’s title and seeing that the developer is in fact the real EA and is selling numerous EA games.
Searching for The Sims will turn up other results including cheat guides, wallpapers and perhaps a clone or two. You can see that these apps are not offered through Electronics Arts, so they should be treated cautiously. In many cases, these apps are legitimate (though not very useful) – but they could also be the perfect front for malware.
Review Permissions (On Android)
Android users always see a list of permissions appear when an app is to be installed. These permissions tell you what the app will be allowed to have access to. There are many things that an app might want, yet they may not always make sense. If you download a wallpaper app, for instance, it shouldn’t be asking for permission to use your contacts. We’ve already published a guide to Android’s permissions, so if you want to know more, check it out.
Do remember, however, that permissions are not a guarantee. Android is designed so that an app can’t leave the “sandbox” in which it’s been placed, but the boundaries of that sandbox are not impenetrable. Malicious apps have found workarounds in the past, so you shouldn’t install an app you’re suspicious of because its permissions seem harmless.
Run An Antivirus (On Android)
The iOS platform doesn’t benefit much from an antivirus at this time. Apple policies for apps are more rigorous than Google, removes malicious apps that are found (there have been a few) quickly, and maintains tight control over the OS.
A few anti-virus applications are available for iOS, but they generally exist to scan for files that might infect another device (like a Windows or Mac computer) if transferred to them. This doesn’t mean that the iPhone could never be infected, but there’s no market for quality antivirus apps on the iPhone. Why buy an antivirus app if you’re not sure it will perform?
Android, however, has been hit by malware numerous times over the last year. Running an antivirus on your Android is a wise choice. There are many anti-malware apps on the market, but some of them are better than others. Read our round-up of the top three Android antivirus apps to decide which you should use.
Guarding yourself from dangerous apps requires a combination of common sense, fact checking and antivirus protection. There’s no single indicator that can tell you if an app is safe or not. That’s all the more reason to use caution. Don’t download a strange app without confirming it’s worth your trust.