Our Blog

Android Apps Could Be More Dangerous Than Traditional Malware

Posted by Nate Alekna on Mon, Oct 10, 2016

There I was, sitting on the couch. I was going through facebook and I see this ad for “Shadow Blade Extreme 7.” It looks really cool. Good graphics, fun gameplay, and cats! I load the app up and my phone comes up with a notification.

This game wants access to my name, email address, camera, my contacts, my facebook, my text messages, my credit card information, my social security number and my grandmother’s secret recipe for roast beef cookies. Sure? Why not? I don’t even bother reading any of what it says, it’s standard stuff. Every app asks for it.

Crazy_Permissions.png

How much information about you does your phone have stored? I use my phone to check my bank account, to pay bills, to buy tickets to the national pie eating contest, and take pictures of my cat. My phone probably knows what my cat looks like more than I do.

We've covered before how mobile malware is a very real thing that you should absolutely take preventative steps against. With all this personal information required to run a simple app, why would anyone need to go to all the effort of trying to get you to click a fake link or download something just so they can install a virus on your device? All they have to do is make a fun app that collects all your data and the average user will give it away willingly.

Free games with micro-transactions are pretty common in the play/app store. Buying anything in the app gives their credit card processor your credit card information (although encrypted in transmission, recurring charges can sometimes be spoofed in order to overbill users). A lot of apps ask for access to your Facebook account. How much personal information can be gained there? I'm guessing more than you even realize

Studies have shown that less than 0.4% of all mobile apps have malware. Okay, good right? 79% of all apps have other security risks however. Even if the app requesting the data isn’t using it for malicious purposes, the data is collects being transmitted over unsecured channels can mean anyone can intercept that data. And even if that’s not a risk, sometimes the databases where this data is stored can be built poorly and accessed easily.

 

Gaming apps take the cake for asking for things they don’t need to know. Why does “Chocolate Smash Adventure” need to know your location? Targeted Ads probably. An ad blocker won’t help in this case because the data is still being collected.

What does this mean for you? Should you stop playing your favorite game or downloading that shiny new app that tells you how many M&M’s it would take to fill an Olympic sized swimming pool? (Around 2,395,160,000) No. That would be silly. Everyone needs to know how many flapjacks it would take stacked on top of one another to reach the moon. (38,440,300,000ish)

This is indeed a bunny with a flapjack on it's head

Typically paid apps are "safer" in this respect than free apps. They don’t usually ask for nearly as much information. A lot of times this is because the lack of ads in paid apps, but some of it is simply that a malicious attacker wants to draw in as many users as possible and it’s harder to do that when the user has to pay for access. 

A cheaper and simpler way of protecting yourself is just using some common sense. Why does that flashlight app needs access to your contacts and address book? Flashlight apps are actually notorious for requesting way more access than they need. Why's this one need my call information?

Flashlight.png

It’s also not a bad idea to stick with trusted companies. If the app has good reviews and has been installed by 500 million people, there’s a decent chance it’s okay. While not always the case, it’s a safer bet than installing an app 6 people have downloaded.

If you’ve rooted or jailbroken your phone you need to be more careful. If an app requests root access be absolutely 100% sure that it’s safe, because giving an app root access means to can do whatever it wants.

The takeaway here is just be careful. Malware is dangerous and everyone knows it. However when apps can collect even more data than malware things get tricky. You authorize these apps to collect any data they want, they can send it anywhere and to anyone, and you allow it to happen yourself. It’s like installing useless ad-powered tool bars in your browser, only less annoying. For anyone that doesn’t know. Browser tool bars are awful things and should never be used under any circumstances unless you like your computer looking like this

 

Do you need antivirus and security for your Android devices? We've got you covered with industry-leading security solutions from Kaspersky Lab. Starting at about $15/year you'll get:

  • Anti-malware protection - including Kaspersky's Android antivirus technologies
  • Web protection - against Internet-based attacks and phishing websites
  • Anti-theft protection - with remote access to special security features on your missing device
  • Privacy protection - to control what others can see or access when they pick up your smartphone
  • Call and text filter - so your smartphone only receives the calls and texts you want to receive

Contact us today to order the best protection available with the most peace of mind possible. (Multiple device discounts available w/ subscription)

Tags: iOS, mobile security, mobile malware, android, apps, malicious apps