Wednesday, August 31, 2011

Safe with Android Devices

I am taking a chance here by discussing a topic such as this, and in particular by taking the stance that I am taking. So, with that in mind, let’s just get down to business. As is usually the case with these sorts of things, we’ll start off with a disclaimer or two. Most importantly, you must realize that these are my opinions and observations, and some of them might be wrong. Please feel free to let me know if you disagree with anything I say. Keep in mind also that I am not saying that rooting your device does not have its benefits, but rather that one must be careful.

Now that that is out of the way: hackers are in hot pursuit of Google's popular Android OS, according to recent news and reports. Although mobile security threats are tiny compared to those against PCs, you still need to protect your smartphone, even more so if it runs Android. Here we are trying to collect some tips for staying safe.

Take a deep breath. There's a new report out highlighting a huge spike in threats against Google's Android platform. Yes, it's something to be concerned about. But don't freak out or return your cool new Samsung Galaxy Tab. Mobile threats are rising, but actual attacks against smartphones and tablets are still a tiny fraction of the number of new threats that target your PC, and to a lesser extent, your Mac. And remember the law of big and little numbers. When a number is small, it doesn't take a huge addition to pack a big percentage change.

The news here is this: Malware targeting the Android platform jumped 76 percent in the second quarter of the year, making it the most popular target for makers of malware that attacks mobile devices, according to researchers at McAfee, the anti-virus and computer security company now owned by Intel.

The reasons for the spike aren't hard to discern. Hackers like to attack popular platforms, and Android phones are now outselling Apple's iPhones. In order of popularity with hackers, Android is followed by the fading Symbian operating system and Java ME. If you're alert, you'll notice that iOS is not in the top three; in fact it's not on McAfee's list at all.

To explain why, let's take a look at a report issued by Symantec, McAfee's major rival in the personal security business. In June, Symantec said: iOS's security model offers strong protection against traditional malware, primarily due to Apple's rigorous app certification process and their developer certification process, which vets the identity of each software author and weeds out attackers.

Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection. This lack of certification has arguably led to today's increasing volume of Android-specific malware. Those points are essentially the same as what the McAfee researchers have to say about Android vs. Apple mobile device security.

How to Be Safe

Just because you're statistically unlikely to be killed by a lightning strike, that doesn't mean playing golf in a thunderstorm is a good idea. Similarly, don't take my calming words as license to pay no attention to security for your Android device. Malware is out there, and it targets personal information that you really don't want some bad guy to get his hands on.

Here are some things you can do to thwart the hackers.

Use a security app designed for Android: Lookout Mobile Security is getting the best reviews I've seen. It's a free app (though there's also a beefier premium version) that does a number of things, including scan downloads for viruses. It also works as a phone tracker in case your Android is lost or stolen. Lookout has a Web site that will track its location. It also allows you to wipe your data remotely, lock the phone or set off an unpleasant alarm.

Finally, there's a Web site associated with the app you can use for backup.

Always check app permissions: Whenever you download or update an app, you are given a list of permissions for that app. If an app is asking for things it shouldn't need, get rid of it.

I must add that IMHO common users are overexposed to rooting. Basically, users do not pay enough attention to the potential misbehavior of freely available apps. When rooting, the main concern in people’s heads is NOT bricking the phone; data security is not even on their minds.

Almost every website dedicated to Android has some kind of rooting information, tutorials, and/or news. I’m not saying that it’s bad. But when you take basic users into account, it’s logical to assume that they will probably WANT to root their device, regardless of whether they really NEED to or not.

The hype about rooting is cause enough. With the appearance of one-click-root apps, the process has been stripped down to its simplest, and almost anyone who knows how to click can root their device.

It seems to me that Android’s security system is a solid one, but it depends on the user to make an informed decision about which applications to install and which not to. Not paying attention to the security notification when installing an app is just ignorant. If you want a password storage/encryption app, and it requires an Internet connection, shouldn’t you think twice? On the other hand, if an anti-virus warning pops up on your PC’s desktop, do you ignore it or read what it says?

It all boils down to the fact that rooting does have advantages, but users themselves MUST think really hard about whether they should root their device, just as they would about installing any other application/game from the market. And to conclude (I’ll probably sound like some manufacturer’s PR): if it were (amongst other things) SAFE to have all devices rooted initially, wouldn’t they be?

I’m not sure about this next one, but from what I’ve read, every Android app runs in its own ‘sandbox’, effectively preventing other apps from accessing its data, except if the app ‘publishes’ it through public providers.

Don't install Android Package files: As our colleagues at PCWorld explained: "When Angry Birds first came to Android, you could only get it through a third party. This is called 'side loading' or, installing apps using an .APK file. While Angry Birds wasn't malware, it is highly advisable not to download and install .APK files that you randomly come across. Most of the time you won't know what the file contains until you install it. By then it's too late."

Bank with authorized apps only: Online banking and bill pay is a great convenience, but to be safe, only use apps supplied by your bank.

Rooting has a high chance to destroy data stored on the phone, and unless someone is completely OK with that, they should not go forward with rooting.

Only download popular apps: I know this sounds pretty stodgy. But there's a reason for it. Apps that have been downloaded a lot aren't likely to be poisoned. For that matter, they're likely to actually be worth downloading, if you believe in the wisdom of crowds, that is.

Download from reputable publishers: If you're uncertain about an app, do a quick search under the publisher's name. If you find a number of apps with good reviews and lots of downloads, chances are you're dealing with a reputable outfit.

Keep an eye on your wireless bill: Some rogue apps do things like make expensive calls to foreign numbers in order to fatten the bank account of various intermediary sites at your expense. Often the calls happen in the background or at times when you don't realize your phone is doing something.
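The permission check from the tips above (an app asking for things it shouldn't need, a password vault that wants Internet access, a rogue app that places calls or sends texts) can be done off the phone as well. The following is an added example, not code from the original post: it reads the text printed by `aapt dump permissions app.apk` and flags sensitive permissions that do not fit the kind of app. The category table and the sample package are assumptions constructed for illustration.

```python
import re

# Permissions tied to the risks the tips above mention.
SENSITIVE = {
    "android.permission.INTERNET": "can send data off the device",
    "android.permission.CALL_PHONE": "can place calls without the dialer",
    "android.permission.SEND_SMS": "can send text messages that cost money",
    "android.permission.READ_CONTACTS": "can read the address book",
    "android.permission.CAMERA": "can use the camera",
}

# Assumption: what each kind of app plausibly needs. Adjust for your own use.
EXPECTED = {
    "password-vault": set(),
    "game": {"android.permission.INTERNET"},
    "messenger": {"android.permission.INTERNET", "android.permission.SEND_SMS",
                  "android.permission.READ_CONTACTS"},
}

# Matches both aapt styles: "uses-permission: X" and "uses-permission: name='X'"
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=)?'?([\w.]+)'?")

def requested_permissions(aapt_output):
    """Collect every permission named in the aapt text dump."""
    perms = set()
    for line in aapt_output.splitlines():
        m = PERM_RE.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms

def review(aapt_output, category):
    """Return sorted (permission, reason) pairs worth a second look."""
    if category not in EXPECTED:
        raise ValueError("unknown category: %s" % category)
    unexpected = requested_permissions(aapt_output) - EXPECTED[category]
    return sorted((p, SENSITIVE[p]) for p in unexpected if p in SENSITIVE)

# Constructed sample: a "password vault" that asks for network and SMS access.
SAMPLE = """package: com.example.vault
uses-permission: name='android.permission.INTERNET'
uses-permission: android.permission.SEND_SMS
uses-permission: android.permission.VIBRATE
"""

if __name__ == "__main__":
    for perm, why in review(SAMPLE, "password-vault"):
        print("%-40s %s" % (perm, why))
```

An empty result only means nothing on the sensitive list was unexpected for that category; it says nothing about what the app does with the permissions it is expected to hold.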

Don'ts

The more pervasive networked technology becomes, the more dangerous our common lack of security awareness will become. Eventually there will be a tipping point, a day of reckoning. Consider each of these things people commonly do:

1. Giving account credentials to Meebo.com so that you can use instant messaging more easily.

2. Giving account credentials to the likes of Plaxo and LinkedIn so that they can pull in all of your contact information from other providers.

3. Installing a tethering app from someone whose livelihood you have no serious ability to impact (i.e. you can seriously damage the profit of T-Mobile if you prove they did something malicious, but you cannot seriously harm developer X on the market who released AppY for free).

While this post covers most of the basic hacks that might become as common as a virus-infected Windows PC, it does not cover the extreme dangers that rooting may present. Hackers don’t have to stand a mile away with a laptop to steal your contacts, but what about the possibility of an application stealing the information off your company ID, or any card? Or the ability to remote-brick your phone? Or to turn your camera into a webcam while your phone is on your dresser pointing at you and your loved one bumping uglies? While these threats may sound far-fetched, they are still threats. Or, in the typical IT way, these are potential risks.

Think like a hacker. Study up before you perform any checks, like a simple hacker. Try to learn what it does and what it can or might do. Never do your banking on your mobile device. Never store any passwords on your phone. And if you have any questions regarding an app that wants some weird permissions, ask the supplier / support or contact any developer forum / the dev of the program and an outside source; they will be glad to help.

1 comment:

  1. Dear Ravisir, thanks a lot for this post. I have a Galaxy II but never gave a thought to protection; now I will definitely ponder & decide if I want to go his way or etc.
    Thanks a million
    Regards,
    Raj
