Business owners using Google operating system Android on their smartphones need to beware that the open source apps may contain malware.
The mobile phone market has been relatively free of security or infection issues until the recent introduction of Android devices, which support an open platform where anyone can write and publish an app. This ability, though liberating for programmers, leaves the platform open to malware.
According to Lloyd Borrett, security evangelist at security software specialists AVG (AU/NZ), many users are at risk because they have never experienced any major problems.
Users “implicitly trust their mobile devices”, which leaves them open to cyber criminals.
“When their smartphone tells them to send a text message, install an application, or simply confirm some dialogue, they will,” said Borrett.
“The same web browser that they use to check balances on their bank accounts, or pay $2 for a song, can also display infected web pages. Users are enthusiastically installing new applications without properly checking where they come from and what they do.”
AVG has published a safety guideline for mobile device users:
- Think of your mobile device as a computer. Be just as wary about phishing attempts made via mobile email or text as you would on your computer.
- PIN/password protect your device so no one else can access it.
- Back up information regularly so if you lose the device, you can restore the data.
- Do not root or jailbreak your mobile device to get around limitations set by your carrier or device manufacturer. It will remove any protections built into the device to defend against a number of mobile threats.
- Beware of everything you download onto your smartphone, especially applications. Only use reputable application markets. Look at the developer’s name, check out reviews and star ratings. Always check the permissions an application requests and ensure that the permissions the application requests match the features the application provides.
- Be on the lookout for strange behaviour on your smartphone, or strange entries on your phone bill. Be wary if you find applications being installed without your knowledge, plus SMS messages or phone calls happening without you initiating them. These could be signs that your phone is infected.
- Don’t bank, shop or access sensitive sites from a public hotspot unless you know it is secure. Disable wi-fi auto-connect to prevent connecting to a malicious host. When connecting, search for public displays that will tell you which legitimate host to connect to. Avoid unknown sites when using your mobile browser, and don’t click on links before authenticating the sender.
- Download anti-malware protection for your phone, tablet, e-reader etc. Solutions should be able to scan the device, identify and remove malware, plus check applications for malware before downloading from application stores.
Borrett advised that people had to start regarding their mobile devices as computers and become conscious of their security needs in the same way.
“Whole lives are now kept on mobile devices — contacts, photos, data — all crucial, personal information on a compact device which is so easy to access or lose,” he added.