Of the tens of thousands of mobile applications, some bring benefit and joy, while others bring financial losses, stress and worry. A cybersecurity expert told the Daily Billboard how to avoid the trap.
Games, photo editors that give faces elf features, calorie calculators and online dictionaries on a smartphone entertain us and make life easier. But the sensational story of the Meitu application showed that not all of them are safe. An expert from Positive Technologies explained how to protect a smartphone from malicious applications.
Trojans? No, never heard of them
In the language of IT professionals, malware (malicious software) that disguises itself as a harmless program is called a trojan. Such applications induce the user to install them personally and grant them the privileges they need.
All Trojans can be divided into two types. The first type exploits vulnerabilities in the operating system or in applications installed on the smartphone. The second type gets the user to allow certain actions, for example access to one-time passwords from SMS messages, the camera, the device's desktop or other applications.
When OS vulnerabilities are exploited, detecting the malicious activity is rather difficult. For example, a program aimed at stealing money through mobile banking will make itself known only once funds have already been debited from the account.
It is also difficult to protect against malicious programs that get the user to grant access to data or to permit fraudulent activity. Such malware uses legitimate techniques, so the responsibility remains with the user. Without reading the installation terms of the application, the user trusts it and allows a free dictionary or game to read messages, make paid calls, and sometimes completely control the device.
Rule 1: Install applications only from official markets
Most malicious applications reach the smartphone from unofficial app stores or via links on sites with unlicensed content. Google Play and the App Store check applications before they become available to users, so picking up an infection there is much more difficult. If you still decide to download something from an unknown resource, check the box “Install applications from unreliable sources” during the installation.
Rule 2: Read carefully which access, permissions and functions the application being installed asks you to enable
Scammers often embed malware in clones of popular paid apps, luring victims with free music or games. Once on the device, the malware exploits vulnerabilities in old OS versions to gain increased control over the victim’s device. Some malware may, for example, get the victim to enable a special developer feature: USB debugging. With it enabled, installation software on a computer gets unhindered access to install applications on the smartphone with any privileges.
Rule 3: Update your apps regularly
Studies have shown that 99% of attacks are aimed at vulnerabilities for which developers have already released fixes. When developers ship a new release, they always officially announce the shortcomings and loopholes it corrects. Scammers study these announcements carefully and send their malware to users who have not yet updated from the old version. Timely updating of the device OS and installed applications can therefore reduce the risk of attack.
Rule 4: Forget about root rights
Almost all Android users can get full control over the system on their device. Root rights make it possible to change system folders and files: for example, they allow you to delete standard applications (calendar, maps and various built-in services), change and delete themes and shortcuts, optimize the performance of the device, and overclock the processor. There are many applications that establish full control over the system, but they also completely destroy the security of the device.
Do not use a rooted Android device for banking transactions. If malware obtains root rights, it can embed itself in all system processes: read SMS messages with a one-time password from the bank, delete SMS alerts about debits, access bank card data and even listen to conversations. All of this activity will be hidden from the user.
Rule 5: Do not give the application strange permissions
If an application needs, for example, access to the list of contacts, it must request this permission during installation. Beginning with Android 6, some permissions cannot be issued during installation: they are granted only after the application is launched. So if the application asks for access to SMS reading, location or other confidential information, the user can refuse. To protect yourself, treat such requests with great care.
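The check from Rules 2 and 5 can be automated for an installed app. The following is an added example, not part of the original article: it parses text in the format printed by `adb shell dumpsys package <name>` and reports which of the sensitive permissions the article mentions are requested and whether they are currently granted. The package name and sample output are constructed for illustration, and the exact dumpsys layout varies between Android versions.

```python
import re

# Permissions matching the data the article names: SMS, paid calls,
# location, contacts, camera. These are real Android permission constants.
SENSITIVE = {
    "android.permission.READ_SMS": "read SMS (one-time passwords)",
    "android.permission.CALL_PHONE": "place calls (possibly paid)",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.CAMERA": "camera",
}

# Constructed sample modelled on `adb shell dumpsys package <name>` output
# for a hypothetical dictionary app (assumption, not taken from the article).
SAMPLE = """\
Package [com.example.freedictionary] (a1b2c3):
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_SMS
      android.permission.CALL_PHONE
      android.permission.CAMERA
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
        android.permission.CALL_PHONE: granted=false, flags=[ USER_SET ]
"""

def parse_dumpsys(text):
    """Return (requested set, {permission: granted bool}) from dumpsys text."""
    requested, granted, section = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("permissions:"):
            section = line[:-1]              # e.g. "runtime permissions"
        elif section == "requested permissions" and re.fullmatch(r"[\w.]+", line):
            requested.add(line)
        elif section and (m := re.match(r"([\w.]+): granted=(true|false)", line)):
            granted[m.group(1)] = m.group(2) == "true"
        elif line:                           # any other text ends the section
            section = None
    return requested, granted

def audit(text):
    """List requested sensitive permissions as (name, state, meaning)."""
    requested, granted = parse_dumpsys(text)
    states = {True: "GRANTED", False: "denied", None: "no grant recorded"}
    return [(p, states[granted.get(p)], SENSITIVE[p])
            for p in sorted(requested & SENSITIVE.keys())]
```

Calling `audit(SAMPLE)` shows a dictionary app that requests SMS, call and camera access, with SMS reading already granted: the mismatch between purpose and permissions that Rule 5 says to refuse.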