It’s not exactly news that the Android platform has beensusceptible to malware attacks using fake apps as a vector, but people oftenbecome complacent between publicized incidents. While the latest high-profileexploit obviously isn’t something to celebrate, it does provide a good excuse to bring up the issue again.
This particular bit of nastiness is an app masquerading as aChinese game known as “The Roar of the Pharaoh”. Those trying to install itwill eventually realize it’s not what it seems – instead, it’s a Trojandesigned to steal the personal data you have on your Android phone, and send itaway to the app’s authors.
PC users have gotten used to this dance – unless you’veprotected yourself with some sort of anti-malware solution, you have to remain extremely vigilant about what you do onyour machine. Do something careless, and you could find yourself infected. Weknow this.
But in the mobile world, a lot of people haven’t used thesame level of care while installing apps, because it’s by-and-large been asafer space. Those who have chosen the iPhone have been getting their apps froma curated market where almost all dubious items are removed extremely quickly.But that means living under the thumb of the big overseer, with little recoursefor those who want apps that have been rejected (fairly or not).
The Android platform has made it far easier to get apps – inaddition to the sanctioned marketplaces (including both Google Play and themanufacturer-specific app stores), it’s been possible to side-load apps fromother sources. But that’s made it extremely easy to get apps that may be lessthan legit into the hands of people that aren’t fully aware of the implicationsof choosing a non-curated app.
There are a zillion good reasons to opt for an Androidsmartphone – cost, variety, personal taste and independence from corporateoppression, to name just a small handful. But it means staying more vigilantwhen installing apps, or you might find yourself sending your passwords andyour entire contact list to someone in a basement on the opposite side of theplanet, without even knowing it.
To really be secure, you also have to pay attention to thepermissions an app is looking for when you’re installing…if a game is lookingfor access to your contact list, think twice before accepting. But in somecases, even that isn’t enough, because this particular exploit didn’t even askfor permissions.
Ultimately, you should be trying to only get apps from trusted sources. And you should always try tocheck around to be sure that an app is safe before installing it on an impulse.Just the same what you used to do (or should have done) on your PC.
The more things change…
Man with hidden face image by Shutterstock.
Sponsor: IBM Canada Ltd
The New Workplace: Supporting “Bring your own”
“Bring Your Own Device” (BYOD) and the “consumerization of IT” have taken hold in the enterprise, and employees using their own personal smartphones and tablets for business have become pervasive.