Android is pretty much the world’s most popular mobile operating system to date. Google I/O 2014 revealed that there were over 1 billion active monthly Android users.
All Android phones, whatever the brand or model, have one thing in common: an app store. Called “Play Store”, this is an app that connects the user to a database that houses literally millions of applications that can pretty much do anything if your phone is up to it. These range from games with mind-blowing graphics to apps that help you organize your day-to-day life. Android apps are not all free, though; some apps need to be purchased if one is to enjoy their full benefits.
And that’s where everything begins.
Should you or shouldn’t you?
Some of the best Android apps come as a trial – usually the trial period ranges from 15 days to 30 days, after which certain features of the app get disabled. The logical reasoning behind this is that if you like the app and want to continue using it, you have to buy the license.
Take the popular media app “Poweramp” (incidentally the first ever app I actually purchased from the App store). Once the trial’s done, you need to cough up $4.99. Is it a fair price? Yes – to most people. But for us Sri Lankans, that comes to around Rs 600, the price of five buth packets.
So what do we do? We fire up the old browser and go surfing for pirated apps. Once we find one, we go all googly-eyed, download it to our PCs, transfer it to our Android smartphones and install it. It installs and all features are enabled. We jump for joy, thinking we’ve thwarted the developers and one-upped them.
It’s not all it’s cracked up to be
You may think that you’ve just got that app for free and boast to your friends, but unfortunately, it’s not all it’s cracked up to be. Android, being one of the most popular mobile operating systems to date, is also deemed the worst platform in terms of security. This is mainly due to malware that users unknowingly install on their phones, enabling hackers to steal personal information and call expensive premium numbers.
Injecting malicious code into an Android app is very easy – it usually happens when you download cracked app files from file sharing networks. The uploader inserts malicious code into the APK, uploads it and waits for an unsuspecting victim to download the file. Upon download and installation, the code activates. It can do anything – from stealing personal information such as passwords and recording keystrokes to erasing your drive. We’ve seen quite a few of these “infections” – simple stuff ranging from weirdly large data usage to rapid battery failure. 2013’s Backdoor.AndroidOS.Obad.a, for example, exploits multiple vulnerabilities, blocks uninstall attempts, tries to gain root access to your phone, and can execute a host of remote commands.
In fact, a post on the Android App Development Ireland blog goes into detail on how they injected keylogger code into SwiftKey, one of the more popular third-party Android keyboards, resulting in a keyboard replacement that sends all keylogs to a predefined server, and on how easy it was to do so. According to the author, it’s not even that hard.
How can you protect yourself?
Now that you’ve seen for yourself the harm you’re actually doing, there are several steps that you can take in order to protect yourself from malicious attacks and keyloggers.
The first would be to disable installation from unknown sources on your Android device. This option is usually found in the Security section of your device’s settings. When it is disabled, third-party applications cannot be installed unless they are from verified sources.
The second is obviously to download and install free apps from reputed places such as the Google Play Store – and even then, only to get what you need. Simply because an application is on the Google Play Store doesn’t mean it won’t crash your phone – in fact, as PC World (and RiskIQ) reported some time back, there’s an alarmingly large amount of malware on the Play Store.
The third, and the most logical thing, is to buy apps you like. For starters, it shows that you appreciate the hard work that the developers have put into it. It also enables you to get automatic updates, which is something you can’t do with pirated apps. It also gives you a certain guarantee that your phone isn’t going to be infected by a random hacker.
Even with all these steps, it still pays to have a lightweight scanner like Malwarebytes on hand. You may not need real-time protection – a resource hog, that is – but the occasional scan after you install a new app should do fine.
So the next time you reach for that download button, think to yourself: do you really need this app? Do you?