Malware on Android Devices

I keep hearing that Android users are at risk of new malware. Does this mean you should install an antivirus app on your phone or tablet?

While there may be a lot of Android malware out there, you’re probably safe if you follow some basic steps and have a little understanding.

Google automatically scans all apps on the Play Store and Android itself has some built-in antivirus features. Google Play apps are scanned for malware as soon as an app is uploaded.  Every app gets run in a simulated environment to and app’s behavior gets compared to the behavior of previous malicious apps to look for red flags.  Plus, if you’ve installed an app that is later found to be malicious, Google has the ability to remotely uninstall this app from your phone when it’s pulled from Google Play.

Android 4.2 and up also prevents apps sending any premium-rate SMS messages in the background and alerts you when an app tries to do this. Malware creators could use this technique to rack up charges on your cell phone bill and make money for themselves.

Prior to Android 4.2, the majority of Android’s anti-malware features weren’t actually found on Android devices themselves – the protection was found in Google Play. This means that users who download apps from outside the Google Play storewere more at risk.

A recent study found that over 60% of Android malware samples they received were from a single family of malware, known as “FakeInstaller”, which disguises itself as legitimate apps. They fool you into loading your app from a website or through an unofficial, fake Android Market with no protection against malware.

On previous versions of Android, you can protect yourself by installing apps from legitimate sources, such as Google Play. A pirated version of a paid app offered on a suspicious website may be stuffed with malware – just like on Windows.

Another recent study found that only 0.5% of malware found was from Google Play and 99.5% came from elsewhere, especially unofficial app stores where no checking or policing for malware is done.

If you only install apps from Google Play, you shouldn’t need protection but if you regularly load apps from outside Google Play, you should probably install an antivirus app just to be safe.  We highly recommend the Avast! Mobile Security for Android as it is particularly well-reviewed and is completely free and because I have been using Avast for ten years now and have never been anything less than impressed with them.

Avast! also offers a “Privacy Report” feature that sorts your installed apps by permission so you can see if you have any apps that require too many permissions. Avast! also offers a firewall that allows rooted users to block certain apps from accessing the Internet.

As long as you stick to apps from Google Play, you should be quite safe from all forms of malware, especially if you’re using Android 4.2 or later. The majority of Android malware comes from third-party app stores and apps downloaded from suspicious websites. To be extra safe, always be sure to check the permissions of apps you install.