Thursday 22 June 2017

Protect your Android device from malware.

Android, the open-source operating system i.e. led by Google is now found on more than half of all smartphones. This massive use of technology has caught the attention of cybercriminals, who have begun to double down on their efforts to illegally obtain personal information from Android users. Mobile malware can allow cybercriminals to intercept messages, monitor calls, steal personal information, and even listen in with the device's microphone.

One of the upcoming issues among the android users is the list of permissions the app requires in order to work whenever installed. It's tempting to just skip past it, but it’s recommended to resist as one should at least look at them, not to understand what each permissions type means but to understand, why an app is requesting it when you install or update. Even some app requires root i.e. to grant access to the inner workings of your phone’s OS. Apps like ROM Manager and Titanium Backup need root because they're performing system-level tasks on your phone. However, if a clock app or even a new app launcher requests root, make sure you understand why it needs it before you click "Allow."

Everyone wants to protect their privacy, but still want to be participating in things like social media. And even if you trust everything the app developer is doing today, you never know if a new update may contain malware planted by someone else.
Therefore as a precaution you could consider following suggestions:-

1.)  Legitimate app store

When downloading apps, do so from a legitimate app store i.e. from companies like Google, Amazon, Samsung etc. who monitor and scan for potentially dangerous or fraudulent programs. However, fake BBM app recently was able to slip through the cracks and managed to secure more than 100,000 downloads, before being removed. But if people had looked at the reviews they could have avoided that spamming service.
2.)  Settings

Google includes numerous settings in the Android operating system that can prevent malicious attacks. Devices running Android 2.2 or higher, which essentially means all android apps, have access to Google's malware scanner. Prior to installing an application, you downloaded outside of the Play store, Google will scan the app and warn you of any potential threats.
This feature is enabled by default and can be accessed in the Google Settings app in your device's app drawer. Alternatively, devices running Android 4.2 or higher can access the feature by going to Settings, clicking on Security, and scrolling down to Verify apps.
Devices running Android 4.2 or higher are also protected from premium SMS charges. A notification will alert you if an app is attempting to send a text message using a premium service, at which point you can approve or deny the transaction. This feature is built directly into the operating system and does not need to be enabled.
3.)  Software updates
If there is an update for your device make sure you download and install it. Manufacturers are constantly pushing out updates with bug fixes, enhancements, and new features that can make your device more secure.

4.)  Monitor and Tweak App Permissions On Your Own

If you really want to install an app that has questionable permissions, or permissions you don't understand , there are apps that can help. Some will stop intrusive apps from getting the data, others will just monitor the apps you install to see if they're doing anything fishy. For example:
  • Pdroid Privacy Protection -(requires root) is an app that keeps an eye on the types of information that your apps request, and lets you allow or disallow it on a per-app basis. You can block access to personal or identifying information for each app you have installed, and it won't break the app in the process.
  • LBE privacy guard- (requires root) notifying you when an app tries to access data and giving you the choice to allow or deny it. The key is that if you deny something an app needs to function, it may very well crash, so you'll have to think before you tap. Keep in mind people loved the old version and the new version hasn't been as well received at Google Play, so your mileage may vary.
  • PermissionDog- shows you exactly how dangerous your installed apps are at a glance. You can tell just by scrolling through the list which ones are okay and which ones you should pay closer attention to.
  • Pocket Permissions- it’s a complete guide to app permissions. It's helpful for Android beginners or anyone else who's interested in the topic, and wants more detail about what each permissions type means specifically, and what data is available when that permission is granted. You can use the app to research permissions and understand why other apps need them, search by permission to see which apps request it, sort by risk or importance, and more.
  • XPrivacy (requires root)- it’s an open source tool can override a particular permission setting by feeding it junk data. For example, it can feed your Linkedin app fake location information, or your Twitter app an empty address book. And you can do this on an app-by-app basis. So, even if you prevent LinkedIn from accessing your location, you can still offer access to your mapping app. Google removed XPrivacy from the Android Play Store soon after it was made available. But the store still includes a tool that will at least walk you through the installation of the app. According to Bokhorst, creator of app,” I am not building the tool for money. The goal of the XPrivacy project is to offer a free, decent Android privacy solution for as many as possible people," he says.
Mostly pirated and cracked apps contain some form of malware. You could spend a bit on that game/app you always wanted, which in the long run will give you hours of entertainment and reward the developer for their hard work, or you can pirate it and put your personal information at risk.
The decision shouldn't be hard.

 In the end, as a user, by taking above precautions you really need to trust the developer with the permissions and as a developer, you have to be transparent about why you need every permissions.