Home > Android Army > Android app security basics: Easy ways to keep…

Android app security basics: Easy ways to keep your phone safe

android safety antivirus

We’ve been exploring the topic of Android security over the last week. We kicked off with a look at the top Android security apps and found that they generally offer a package of features beyond antivirus protection. That is possibly just as well since the necessity of antivirus apps on Android is still unproven as we discussed in Do you need antivirus on Android?

Malware is undoubtedly a threat to Android device owners but it is packaged in apps and updates that you must choose to install. If you’re careful and you do a little research then you can avoid inadvertently downloading something harmful. Below are some basic tips to keep your Android phone safe and secure.

Avoid unknown sources

You have the option of installing Android apps and games from sources other than Google Play (sometimes known as sideloading). The problem is that many third-party app stores are not safe. If you choose to download an APK file and install it yourself, you could be putting malware on your device. You may also be sent an APK file in an email or a text message, or you could be prompted to install one after clicking on a link in your web browser. It’s best not to install these unless you are certain it is safe.

To safeguard against inadvertent installation, make sure that the ability to install apps from unknown sources is turned off.

This is generally off by default but it is worth checking. In Android 4.0 and above, go to Settings > Security and make sure Unknown sources is disabled. In previous versions of Android, hit Settings > Applications to ensure the Unknown sources box is not ticked.

If you use the Amazon App Store, or perhaps you need to sideload an app for your work, then you can always go ahead and tick the Unknown sources box to allow installation to proceed and then disable it again. Just ensure that it is off by default to prevent you from inadvertently installing something dodgy.

Use Google Play

For the most part, the apps and games in Google Play should be safe but just because it’s available through the official Android app store does not mean it’s definitely safe to download. Make sure that you check the rating and read the reviews from other users on each app. This can highlight potential problems and also technical issues you might encounter with your particular model or device. Don’t rely on Google Play reviews alone because app store ratings can be misleading.

In general, the higher the rating and the more downloads an app has had, the safer it is to download. The biggest risk is from new releases which have very little feedback posted. If it hasn’t been downloaded many times and there isn’t much to go on then you might want to do a bit more research before you download.

Search for app reviews online

If you are uncertain about an app then just do a quick Web search. Make sure that the developer and/or publisher has a legitimate website. Try to find independent reviews or discussions in forums. The more separate sources you can find on the app, the better.

Make sure that you have the correct app. Some malware writers will create apps that are designed to look exactly like another popular established app. Check that the app name, developer, and publisher are all correct.

Check the permissions

That screen that you flick past when installing a new game or app on your Android phone lists out the permissions that you are granting to the software. There is a clear barrier right there. The problem is that users don’t always understand why an app wants a specific permission and it can be difficult to distinguish between a valid reason and a suspicious request.

Try to figure out a reason why the app or game might need each permission, and if you can’t, don’t install. Does the app need to be able to track your location? Does it need to have Internet access? Does it need the ability to make calls or send messages? Do you want to allow it to take photos?

Unfortunately, all of the permissions look suspicious and the explanatory text (or lack thereof) can be cause for concern. An app might want “Full Internet access” so it can serve ads. It will want to be able to “Read phone state and identity” to determine when you are on a call. What you really want to watch out for is apps requesting permissions that they really shouldn’t need. Always be wary of apps that want the ability to make calls, send messages, or read contact data.

If in doubt, do a quick Web search on the permission in question and you’ll find further information.

Check updates before installing

Many people are careful when they first install an app, but once they have it on their device they become complacent about installing updates. Always check out the recent app reviews in Google Play to see if an update is worth getting. This can reveal potential technical issues for your device.

You also need to remember that the update can request new permissions. The original app may have been legitimate, but the update could be up to no good. Malware writers have been known to lull users into a false sense of security with an app that’s malware free, only to unleash malware in an update.

Common sense

Staying safe with the Android platform is all about applying some common sense and being a little cautious. The risk of malware if you apply these simple tips is minimal. The majority of Android users will never encounter any malware problems.

If you’re still concerned, go ahead and get a good security app (here are some suggestions), but it’s important to remember that antivirus apps are no substitute for common sense. Even a good security app does not allow you to disregard these tips with impunity. You should always be careful about what you install.