3 months ago

Android Security 101: How to Secure Your Apps & Avoid Malware « Android :: Gadget Hacks

Because of the way Google Play works, Android includes a “bad app” problem. Google allows any developer to upload an app to the Play Store, regardless of if the item works, how the item looks, or whether or not the item can harm users. Malware scanning happens primarily after apps are uploaded, along with though Google has recently taken steps to safeguard users with its Play Protect program, you don’t have to depend on them.

Android has several tools accessible to users which provide protection. By combining secure technology with Great decision generating, you can protect yourself through most malicious apps. You can also apply these skills to protect yourself through broken apps or ugly ones. Unfortunately, these tips will not eliminate the possibility of downloading a malware app, although they’ll significantly reduce the threat.

Tip 1: Don’t Depend on Google Play Protect

After multiple issues with malicious apps generating their way onto the Google Play Store, Google introduced Google Bouncer as a way to address the problem. of which was an antivirus system which automatically scanned apps within the Play Store for malware along with additional forms of malicious code. Earlier of which year, Google rebranded of which feature along with “Find My Device” under the fresh title, Google Play Protect.

Performing the same tasks of which each application did separately, Play Protect was Google’s way of showing developers along with consumers of which they were serious about security. However, Play Protect doesn’t eliminate the problem. According to AV-Test.org, as of September 2017, Google Play Protect only detected 65% of malware in real-time.

AV Test Antivirus Software for Android (September 2017). Image via AV Test

Compared to the industry average of 95.7%, Play Protect is usually an inefficient antivirus application. Play Protect also only detected 79.2% of the latest malware within the previous four weeks, which is usually well below the 98.2% industry average.

While we don’t recommend disabling the feature (since the item already built in along with the “Find My Device” features are useful), we do recommend downloading another antivirus app to supplement malware scanning. Specifically, one which has a much higher detection rate along which has a minimal effect on battery life: Antiy AVL.

Antiy AVL is usually above the industry average on both real-time detection along with detection over four weeks which has a 100% detection rate in both categories. According to AV-Test.org, the item has minimal impact on the battery along with performance of your smartphone along with had zero false positives for app found on the Play Storeor third-party app stores. Similar to the Play Protect, the item offers real-time protection before you install an application through any source.

Once you install the application, we recommend performing an “app only” scan to make sure nothing malicious is usually already installed on your device. After you’ve scanned your smartphone, let AVL perform background scans (which is usually enabled by default) to automatically protect your device.

(1) AVL performing initial scan, (2) AVL Settings menu.

Tip 2: Review App Permissions

Starting with 6.0 Marshmallow, Android uses an app permissions system to dole out access to certain functions of your smartphone. For instance, a camera app might obviously need access to your phone’s camera, along which has a navigation app might require usage of your GPS or location data.

However, the apps aren’t granted these permissions by default, so you’ll usually see a series of permission requests initially you open an app or initially you attempt to use a feature of which requires one of these permissions. Once you tap “Allow” on a permission request, the app can right now access of which function of your smartphone anytime the item wants.

The Snapseed photo editing app requesting permission to access files stored on a phone.

Unfortunately, not every app uses of which fresh system, along with instead, will request permissions in bulk when you’re installing the app. of which is usually an all-or-nothing deal, so if you didn’t want the app to access certain functions of your phone, you simply can’t install the item.

the item’s also very easy to misinterpret the initial batch permission request as a confirmation popup asking if you’re sure you’d like to install the app — if you tap “Allow,” the app right now has permission to access every function the item requested.

Example of an app of which doesn’t use the fresh permissions system. Instead, all permissions are requested in bulk when you’re installing the app.

Even if they use the fresh system, many apps request permissions of which they do not need for functionality. Reviewing all apps permissions provides both privacy along with security. Fortunately, Android makes reviewing application easy by grouping permissions together instead of generating you review apps individually.

To review app permissions, open the Settings menu by either selecting the gear icon in Quick Settings or selecting the “Settings” icon within the app drawer. Located at the top of of which menu will be a search bar or a magnifying glass icon, select either one along with type in “Configure Apps” or “App Permissions.”

If nothing shows up (as is usually the case with LG UX devices), choose “Apps” within the Settings menu along with select the three vertical dots. When the sub-menu opens, choose “Configure Apps,” then “App Permissions” (depending on the skin, the item might just say “Permissions”).

For LG UX skin, accessing the permissions menu requires additional steps.

Next, you’ll see a list of all permissions allowable to apps along with the number of applications of which currently have access to of which function of your smartphone. Starting through the top, select each one along with decide if the application needs to have permission.

The recommended strategy to follow is usually the principle of least privilege. of which principle states of which individuals (in of which case, apps) should only have access to the absolute minimum permissions needed to perform their task, along with nothing more.

An example of of which can be found within the official app for Foot Locker. of which application can obtain permission to your calendar to add events. If you don’t wish to use of which feature, deactivate of which permission to prevent the collecting of personal data.

Revoking calendar permission through the Foot Locker app.

By minimizing app access, you’ll protect yourself through companies obtaining an unnecessary amount of information about you. of which practice also protects you through malicious agents (such as hackers) who might compromise the app to attack your device. A hacker could perform a more sophisticated attack of allowing the app to operate as usual, although using the app’s extensive list of permissions to gather information about you.

Unless the item’s an older app of which doesn’t use the fresh permissions system, you don’t have to worry about breaking an app when removing permissions. After you deactivate a permission, open the application. The app will ask for the permission back if the item deems the item necessary for regular operations.

Tip 3: Turn Off Unknown Sources

Despite the Play Store’s issue with compromised applications, the Play Store is usually the most secure place to download Android apps. However, Android does provide the option to sideload apps through alternative sources. While we here at Gadget Hacks don’t condemn the use of third-party apps, we do recommend using Play Store apps whenever possible.

Android controls the ability to install third-party apps with an option known as “Unknown Sources” — you’ll only be able to install non-Play Store apps when of which option is usually enabled. “Unknown Sources” is usually disabled by default, although, if you’re a long time reader, you’ve probably enabled the option for additional functionality such as adding the Pixel’s Dialer or getting Google right now on a third-party launcher. Since you already installed the application, disabling “Unknown sources” won’t deactivate the third-party apps. Instead, the item will prevent unauthorized installation of non-Play Store apps by outside threats scheming to attack your device.

To disable “Unknown Sources,” navigate to the Settings menu along with select “Security.” of which menu may be bundled with additional options such as “Lock Screen & Security” or “Privacy & Security,” although if you don’t see anything similar to the previously mentioned options, search for “Security” within the main Settings menu. Once there, scroll down until you see the “Unknown Sources” option along with disable the item.

Some Android skins bundle Security with additional options

Tip 4: Take Care of the Little Things

There are several little things of which you can do improve your chances of not being infected with malware or accidentally installing a malicious application. The first thing is usually to keep your phone’s firmware updated by accepting any available upgrades in Settings –> System –> System Updates.

Unfortunately, of which step isn’t always in our control since hardly any OEM provides monthly Android security patches promptly. Except for the Pixel/Nexus lineup along with HMD/Nokia, most Android smartphones are at least two months behind. However, when your device does get an update, accept the item immediately.

Usually, firmware updates will not only include the latest security patches, although also bug fixes. Recently, the KRACK vulnerability of Wi-Fi’s WPA2 protocol has compromised millions of Android devices, although Google added a fix within the most recent security patch. However, if you didn’t update your device, the item remains susceptible to hacking when using Wi-Fi. For those who didn’t get the patch, follow the link below for ways to protect yourself while browsing the web using Wi-Fi a you wait for the update.

Don’t Miss: How to Secure Your Data Connections along with Browse the Web Safely

right now of which you know malware infested apps are on the Play Store, do a little research before you install an app. Read the reviews by Android users for any reported issues. Most of the time, if the app isn’t doing what the item advertised to do, the reviews will reflect of which. Also, look at the author of the app. If the application has extensive controls or links you to a company’s resources, the author should be a company along with not an individual. For example, if you see an app called Amazon with an author name “Hacker Joe,” don’t install the item.

Avoid obscure apps of which provide too much functionality. As the saying goes, “if something is usually too Great to be true, the item probably is usually.” Also, understand of which if the app as Great as advertised, many outlets (including here at Gadget Hacks) might test the item along with cover the item in order of which readers might know.

Finally, use a VPN when possible. A VPN will ensure of which communications between you along with the app’s server are secure, along with some VPNs (such as NordVPN) will review the traffic for malware along with block the item through reaching your device. When the item comes to Android security along with privacy, VPN is usually always a recommendation.

VPNs, such as NordVPN, will secure data between your device along with the app’s servers

By using these tips, you can reduce your chances of downloading a malicious app. Unfortunately, these steps won’t eliminate the risk, so always be vigilant with your device, monitoring the item for any modifications. Let us know within the comments below if you have been affected by malware on your Android device.

Don’t Miss: How to Securely Communicate with Friends & Family

Cover image along with screenshots by Jon Knight/Gadget Hacks

Leave a Comment

Your email address will not be published. Required fields are marked *

fourteen − two =