Do you assume that anything in the Apple and Android app stores has been vigorously tested, vetted and proven 100% legit?
We’ve been telling users for decades now to be extra careful when downloading PC software to avoid common scams by crackers, fraudsters and pirates: so it is with tablet and smart-phone apps. Even though most Android malware comes from apps ‘side-loaded’ or installed from outside Google Play, be sceptical of cheap, free and trial apps even in the store. These may be perfectly legitimate; they may also be cloaks for nefarious activities such as financial and identity theft.
Smart-phones and tablets are the new frontier for cyber-criminals; worse than on PCs, users are less technical and know little, if anything, about software security. Most assume that the app stores are completely secure. Meanwhile the home-hackers who cleverly root their devices or side-load apps can bypass many of the security features of Android.
In truth, the app stores are a mixed blessing. Yes, they provide a level of vetting and basic security – Apple in particular vets code and functions in its own tightly controlled proprietary police-state on-line. But even Apple has fallen foul of some nefarious apps before removing them.
Be extra careful when installing apps from Google Play and avoid websites offering paid apps for free. If the offer looks too good to be true, it probably is.
Read the reviews: read what other users are saying, particularly when they question the permissions an app demands before it will run. Does that free game really need access to ALL your profiles, social media, text messaging and contacts? The data usage suddenly went through the roof after install? Hm.
Read the Description: is it a professionally produced app, described in proper English, correctly spelt and with decent grammar? If it looks like boiler-plate text cut and pasted from a phishing email, then it probably is. This is a sign of crackers and scammers hurriedly pushing malicious code into app stores under various guises hoping to hook innocent users before it is spotted and taken down.
Check the release date and the version history: look at the pedigree of an app. The longer it has been around in the app store, the less likely it is to hide malware. The stores pull malicious apps very quickly.
Verify the Developer: both Google Play and the Apple App Store list the app developer next to the name, usually with a link to their complete catalogue of apps and their website. Check the developer has an established reputation and is who they claim to be. Large software houses such as Electronic Arts have independent websites listing their titles. Weed out the fakes before you install.
Interestingly, there are many add-ins, cheat sheets and wallpapers for popular titles, most of which aren’t from that developer. These may be free, cheap or paid extras; again, you need to verify this isn’t a scammer hanging on someone else’s coat tails. Check the developer and descriptions.
Review Permissions (Android): The Android app store lists the permissions required for a given app. First, decide if you are happy with what is listed, then if you decide to install, check the app doesn’t exceed that list in practice – you can spot many a trojan horse this way, just by paying attention. For example, wallpapers don’t need access to your contacts. Don’t just click through agreeing to anything. Monty Python’s organ donor service may just turn up at your door demanding a kidney.
The list of permissions requested may not always make sense; if in doubt, don’t install.
Also, don’t think the Android sandbox is completely impermeable; very clever apps have circumvented Android security in the past.
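The permission review described above can also be done mechanically. The following is an added example, not part of the original article: it reads an app's AndroidManifest.xml (assumed to be already decoded to plain-text XML) and lists permissions that go beyond what its kind of app should need. The per-category baselines and the sample manifest are constructed for illustration and are not an official list.

```python
import xml.etree.ElementTree as ET

# Attributes in a manifest live in the Android XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baselines (illustrative only): what a reviewer would expect per app type.
EXPECTED = {
    "wallpaper": {"android.permission.SET_WALLPAPER", "android.permission.INTERNET"},
    "game": {"android.permission.INTERNET", "android.permission.VIBRATE"},
}

# Permissions that reach the personal data the article warns about.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.GET_ACCOUNTS": "account profiles",
    "android.permission.READ_SMS": "text messages",
    "android.permission.SEND_SMS": "sending text messages",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.RECORD_AUDIO": "microphone",
}

def declared_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}  # ignore malformed entries with no name

def audit(manifest_xml, category):
    """Return (unexpected permissions, the sensitive ones among them).

    An unknown category has no baseline, so every permission is reported.
    """
    unexpected = declared_permissions(manifest_xml) - EXPECTED.get(category, set())
    flagged = {p: SENSITIVE[p] for p in unexpected if p in SENSITIVE}
    return sorted(unexpected), flagged

# Constructed sample: a "wallpaper" app asking for far more than it needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
</manifest>"""

if __name__ == "__main__":
    unexpected, flagged = audit(SAMPLE_MANIFEST, "wallpaper")
    for perm in unexpected:
        note = f"  <- reaches your {flagged[perm]}" if perm in flagged else ""
        print(f"unexpected for a wallpaper: {perm}{note}")
```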
Run Anti-malware: While Apple polices apps much more effectively than the near free-for-all on Google Play, you might want to run an antivirus app on Android. Because of its open source credentials, Android has been much more liable to malware. There are anti-malware virus-checkers for Android to fill this gap. If you install a lot of apps from various sources, consider anti-malware to give yourself cover.
Don’t be First: don’t be the guinea pig for a new app in the store. However appealing it may sound, wait a while for the enthusiasts to install and review it before you jump in. Somebody will, and if it’s malware, they will quickly report back.
Common sense applies to apps: just the same as it does when you hire a tradesman to do work in your house. Do you give a job to that cold-caller who rings your doorbell and presses a flyer in your hand that undercuts the competition or gives work away free – if you give them the run of the house? No. Treat apps just the same. AJS