Android Malware Threat Highlights Risks to All Smartphones

The very freedom that makes Android-based devices so attractive also makes them a malware threat.

The recent revelation in Wired News of a new Android malware application highlights the risk that comes with getting your applications from unknown sources. However, that same ability to get mobile applications from some place besides the Android Market is one of the things that users really like about Android devices. Besides that, the Android Market itself isn't exactly devoid of malware issues, and while Google gets rid of malware-laden applications when it discovers them in the store, sometimes they can stick around for a while.

But it's important to know that Android devices aren't alone in their vulnerability, which in turn means that users and the companies they work for need to be aware of the threat. Unfortunately, the answer isn't totally clear. While you'll solve most of the problem by sticking with the application store that comes with your device, that clearly isn't a solution to everything. Worse, not all Android devices have full access to the Android Market, which means that users have to go elsewhere for the applications they want.

Things are a little simpler with Apple, Research In Motion and Microsoft. Apple has its application store locked down, and iOS users can't just go elsewhere to get an application. It's similar with RIM, although it's possible for third parties to develop applications (including malware) that aren't delivered through RIM's market. Microsoft Windows Phone 7 is so new that the whole application-store ecosystem isn't really fully developed. However, if the WP7 practice follows past practice, you won't be limited to just Microsoft's application store.

Despite the protection-real or imagined-provided by the various application stores, there is malware for every platform, including the iPhone and its brethren. Fortunately, there is also anti-malware software for every platform, including the iPhone. While the level of threat varies and the method of delivery can differ between devices, the threat remains.

While it's probably a good idea to install some kind of security software on your mobile device, it's also a good idea to practice the same safe-computing practices that you practice with your computer. This means you should never open email attachments if you don't already know what they are. It also means that you should be careful about those Websites you visit using your mobile device.

And, of course, you need to be aware that unexpected or unusual behaviors by your device could be more than just misbehaving software. If something strange seems to be going on with your device, then consider the possibility that you might have a malware infestation. It also means that your personal information that may reside on your smartphone or tablet could be sent to someone with less than the best intentions.

Once you've discovered that you have (or might have) a problem with malware, you should try to remove it as quickly as possible, but even that might be too late to prevent some loss of data. Still, call the manufacturer's support line, and even if it costs money for the support, get help in removing it. Limiting the damage is good even if you can't prevent all the damage that the malware might cause.

In addition, you should be careful about what information you store on your smartphone. For example, don't store credit card numbers on your device for any reason. Ever. Most malware seems to be keyed to locating those and sending them along to the bad guys.

Likewise, limit your use of online banking on your smartphone. While the malware that shows up most often doesn't currently seem to include keylogging, there's nothing to prevent it.

And because much of the malware that seems to circulate in smartphones appears to focus on your address book, be careful what you keep in there. Sure, you need phone numbers and email addresses for the address book to be useful, but do you really want to send all of your friends' information to someone you don't know?

Finally, if you can find a good encryption package that you're willing to use, then use it. Malware can't do much with encrypted data, and neither can someone who might find your phone if you lose it. Remember that malware isn't the only threat to your phone's data, and it may not be the biggest threat; smartphones are lost all the time, and when that happens, your data is at risk.

But while loss has always been a risk for mobile devices, malware is the one that's emerging, and the one with which most people are ill-equipped to deal. Given that, it's important that you practice the same safe-computing practices on your smart phone as you do on your computer. The bottom line is to be careful what you download, and be careful of the attachments you open.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...