While many say Apple kicked off the modern smartphone craze with the release of the iPhone in June 2007, Android phones weren’t far behind. The first Android smartphone released in late 2008, and by 2010, Android was the most popular smartphone operating system in the United States. Much like Windows PCs in the 80s, Android presented itself as a more affordable, more open alternative to the closed garden of Apple products. Today, Android is the biggest mobile operating system on the planet, with more than 2 billion monthly active devices. This also makes the Android platform the biggest mobile phone target for hackers.
Mobile devices are the next frontier of cybercrime. As sales of desktops and laptops have started to decline, smartphone sales have held strong. Furthermore, many mobile users aren’t yet aware they need cybersecurity for their phones. While the majority of cyberthreats are still aimed at PCs, Android malware is growing rapidly.
Cyberthreats for Android are much like cyberthreats for PCs. They sneak their way onto your device, often in the form of a shady download, then burrow themselves in the system in order to steal information, spy on you, or take control of the device. In many ways, the game is the same, but the playing field has changed.
To protect themselves, many users assume they need some sort of antivirus, but viruses are just one kind of threat. Android users who are concerned about cybersecurity should look into a cybersecurity solution that protects them from all forms of malware, not just viruses.
Truth be told, most cybersecurity pros consider viruses to be more of a legacy threat for computers, and perhaps a complete misnomer when it comes to Android phone infections.
Computer viruses are programs that can replicate themselves by piggybacking onto another program. Early hackers used them to spread all kinds of malicious software (also known as malware) onto computers. That said, this strategy isn’t as common among modern cyberthreats. We’d be hard pressed to identify any malware that duplicates itself like a legacy computer virus. So technically, there is no such thing as an actual Android virus. The problem is that the term “virus” has become a catchall phrase for cyberthreats in general, even though it’s outdated.
“Smartphones are essentially handheld computers, with many of the same weaknesses.”
This is not to say that you don’t need cybersecurity software on your Android phone or tablet. After all, smartphones are essentially handheld computers, with many of the same weaknesses. We also use them to store all kinds of valuable private information, financial data, and other targets that attract cyber thieves. As such, these devices are susceptible to the same kind of malware strands found on PCs.
So naturally, Android “antivirus” software, or more properly, anti-malware software, is an essential measure against a variety of threats. Some, for instance, will mob your Android phone with annoying ads. Other malware is more harmful, representing itself as a trustworthy site or app, deceiving you into revealing passwords or private financial information.
The problem of malware on Android is also compounded by the fact that many users don’t take steps to protect themselves. Most mobile users do not protect their phones as diligently as they do their computers. They don’t install security software and they fail to keep their operating systems up to date. Oversights like this make these users vulnerable to even primitive malware. Since screens on mobile devices are small and users can’t easily see activity, the typical red-flag behaviors that signal infection in a PC can run on the phone behind the scenes in stealth mode.
Fortunately, there are a few unmistakable signs to look for if you suspect your Android phone is infected. Here are the main ones:
Although there are many types of Android malware, here are the top five:
For the most part, Android infections come from your Internet browser or a downloaded application.
Infections from the browser typically happen when an attacker uses an exploit. These attacks work by taking advantage of bugs and vulnerabilities in common web technologies like ActiveX, HTML, and Java in order to breach the browser’s security. From here, the attack forces the browser to run malicious code that delivers malware and infects the device.
“Google has tried to crack down on these malicious apps, but more keep popping up.”
Infections from downloaded applications are essentially Trojan attacks. The application seems legitimate, and it may even work as advertised, but it’s doing shady things behind the scenes like stealing data or installing other apps without your permission. These apps usually come from third-party sources, but even the Google Play Store contains malware. Google has tried to crack down on these malicious apps, but more keep popping up. The sheer number of apps downloaded from the Google Play Store makes it a huge target for malware delivery attempts.
Other sources of infections include cheap phones that come with malware pre-installed, emails with shady attachments, exploits of popular apps, phishing scams, and getting duped into clicking on suspicious download links.
Smartphones aren’t just vulnerable to software-based attacks like malware and exploits. They’re also vulnerable to scam calls, which can be used against you in similar ways. For example, if an attacker was determined to get access to your bank account, they could try to infect you with malware, or they could call you up pretending to be your bank and ask for your login details.
In one scam call scenario, you get a call from a number with the same area code and first few digits as your own number. In reality, it’s a scammer using a trick called “spoofing” to change how their number so that it appears to be a local number on your caller ID. If you answer, you might hear a spam robocall or a real person trying to con you out of money.
“Your first line of defense against scam calls is awareness and some healthy skepticism”.
Scammers can also use spoofing to imitate phone numbers from legitimate businesses and organizations like banks, police departments, and tech support hotlines. IRS scams are a common example. You get a call out of the blue from someone claiming to be from the IRS or a police department. They say you owe money and you need to pay up immediately to avoid severe punishment. If you look up their number, it appears legitimate, but it’s just a spoof. In another example, the scammer says your bank account has been breached, and they need your login information to confirm your identity. Another scammer might say there’s a problem with your phone and you need to go to a specific site and download a fixer program. This is all social engineering, schemes to fool you into revealing personal data, sending money, or letting the caller gain access to your device to install malware.
Your first line of defense against scam calls is awareness and some healthy skepticism. There are also preventative measures, but more on that a bit later.
Aside from specific examples like ransomware, most malware is designed to stay hidden. While there are plenty of red flags to look for, you may not notice any at all. If you suspect malware, or even just out of an abundance of caution, download a legitimate anti-malware program, such as Malwarebytes for Android. Install it and run a scan. It’s designed to find and eliminate any malware that has infected your phone or tablet.
A cybersecurity application is a great way to prevent infections, but a few basic safety tips can go a long way too.
The Android malware universe is a big place, full of nefarious threats. Whether you’re looking for prevention, or post-infection remediation, Malwarebytes for Android offers powerful, pocket-size protection, automatically blocking dangerous malware like ransomware and conducting privacy audits to reveal what apps have access to your location, calls, or other private information. And, like Malwarebytes for iOS, it also detects when a call is from a known or suspected scammer, blocking the call or warning you it may be fraudulent.