Mobile app security: 5 ways to protect your smartphone

Wave your smartphone; buy a latte. Sounds great, doesn't it? But before running off to participate in Silicon Valley's next new thing, you might want to think about a scary downside to mobile commerce: the vulnerability of smartphones to hackers.

A new report by McAfee, a vendor of anti-virus software, says that better security around networks has prompted hackers to seek new targets, and the mobile app store is one of the most tempting. Because the market for Android apps is less controlled than Apple's iTunes store, security researchers have seen a rash of attacks against that platform this year. With the exception of phones using the long-established Symbian platform, Android devices were the most likely to be targeted during the first three months of this year, according to the report.

In March, a researcher who posts on the Reddit security site under the name Lampolo found that more than 50 applications available via the official Android Market contained malware; the booby-trapped apps may have been downloaded up to 200,000 times.

One nasty trick that Lampolo noticed involved pulling a legitimate app off the Android Market, inserting malware into it and then publishing it on another site with a similar name. Super Guitar Solo, for example, was originally Guitar Solo Lite, a legitimate app. It's worth noting that Google removed the bogus app from the Android Market very quickly and posted a tool to help users recover from the attack, according to the McAfee report.

Still, anyone who downloaded the poisoned app, or one of the others, probably had no way to know about the danger or to be aware that their phone was infected with a virus known as Android/DrdDream. Mobile malware can simply be annoying, or it can silently steal login information or other personal data stored on the phone.

What's more, after Google created the tool to remove the DrdDream infections, a hacker gang created malware that masqueraded as the tool, which in turn created a backdoor to let the hackers into the phone and steal data, the McAfee researchers said.

It doesn't appear that the Android platform is inherently less secure than iOS, which powers iPhones and iPads. Why then has it been attacked so much? Hackers have used one of Android's most attractive features, its openness, against it. "In the case of Android apps, most phones allow the 'side-loading' of apps and are not restricted to getting them from a centralized app store, as they must with Apple. This openness means that Android app developers, or others, could post Android apps on their web sites and attempt to attract users to install them," the report says.

How to Be Safe

I spoke with Adam Wosotowsky, a McAfee Labs researcher who worked on the report, and he made a number of suggestions that mobile users should keep in mind.

Don't jailbreak your iPhone. Apple's tight control over the iPhone and the apps on its store is a strength of the platform. However, owning a device that someone else has so much control over annoys some users who then "jailbreak" their iPhones. Be warned. Jailbreaking, using a software download that changes and opens the operating system, leaves your phone vulnerable to numerous hacks that would otherwise be repelled by the locked phone.

Bank with authorized apps only. Online banking and bill pay is a great convenience, and being able to do it with a mobile device could be even more convenient. But if you opt to do so, only use apps supplied by your bank, cautions Wosotowsky. Otherwise you could go to the ATM and find that you've got zero money in your account.

Only download popular apps. I know this sounds pretty stodgy. But there's a reason for it. Apps that have been downloaded a lot aren't likely to be poisoned. For that matter, they're likely to be worth downloading -- if you believe in the wisdom of crowds, that is. Wosotowsky says the threshold of safety is about 150,000 downloads. Apps on iTunes have been vetted by Apple, but even those folks can miss a threat, so it's good advice for users of any platform. And of course, read the comments.

Download from reputable publishers. If you're uncertain about an app, do a quick search under the publisher's name. If you find a number of apps with good reviews and lots of downloads, chances are you're dealing with an OK outfit.

Keep an eye on your wireless bill. Some rogue apps do things like make expensive calls to foreign numbers to fatten the bank account of various intermediary sites at your expense. Often the calls happen in the background or at times when you don't realize your phone is doing something. Even if you haven't been infected, you may have unwittingly subscribed to one of those annoying services that automatically bill you every month for things like ring tones, so check the bill every month; it only takes a few minutes.

Those are solid tips. But shouldn't the app stores do a better job looking out for their customers? They should, agrees Wosotowsky. App stores should do more automated scans of apps to find malware before it can be downloaded. They should also be sure that raters of apps are real people, not bots, and narrow the access to system functions that many apps now require, or ask for.

San Francisco journalist Bill Snyder writes frequently about business and technology. He welcomes your comments and suggestions. Reach him at bill.snyder@sbcglobal.net. Follow Bill Snyder on Twitter @BSnyderSF. Follow everything from CIO.com on Twitter @CIOonline.

Bill Snyder

CIO (US)