cirrus minor

How to Spot an Android Trojan

A recent report warns that Android malware is twice as common as it was six months ago. Here's how you can separate the bad apps from the good.

 

Malware that targets Android phones is on the rise. According to a recent report from mobile security specialists at Lookout, Android users are more than twice as likely to encounter nefarious software today than they were six months ago. When did downloading apps become a contact sport?
The open nature of the platform and the ease with which developers can upload apps in Google’s official Android Market are partially to blame. The same accessibility that makes Android attractive to phone manufacturers and developers has attracted the attention of mischief-makers and malware creators out to make a quick buck.
Fortunately, mobile devices have some inherent protections that don’t exist on traditional PCs. For any malware to infect your phone, you need to take some kind of action for it to happen—usually downloading and installing an app. That’s the good news. The bad news is that there are hundreds of thousands of Android apps, spread over several app stores. No cell phone is an island—you’ve got to download something at some point.
If you’re an Android user, there are a number of precautions you can take to better protect yourself (first thing: use a lock code on your phone). Downloading from only “trusted” sources is always good advice, but how do you know who to trust? Lots of great apps come from little developers and small businesses that most people wouldn’t recognize. How can you tell the difference between them and the bad guys?
There are a number of warning signs to help you spot evildoing Android apps, and we’ve compiled them below. But the main ingredient in protecting yourself is always vigilance. Read before you download—and after. Don’t blindly click on things (like permissions agreements) with wild abandon. All the rules below are essentially extensions of the golden rule of all security: stay on guard.
1. Look Up the Developer
When DroidDream, the first trojan to appear in the official Android Market, was discovered, th apps that contained the malware were from developers with names like Kingmall2010 and we20090202. Likewise, they hadn’t even replaced the default Android icon on the apps’ description pages. If there’s no real logo, and you haven't heard of the developer, at least Google the developer's name to see if it's legit.
2. Be Wary of Knock-Off Games
Games are trap of choice among many malware creators. Casual gaming on phones has been skyrocketing in recent years—no surprise when many apps cost just a buck or two. If it’s free, even better, right? Wrong. Some trojans disguise themselves as free versions of paid games, just with malware. Late last year a trojan dubbed “Gemini,” which recruited infected phones into a botnet, was found in various pirated versions of Android games, including President vs. Aliens and Baseball Superstars. If you think you're getting something for free that you would otherwise have to pay for, consider that you may be paying in another way: with your security.
2. Examine App Permissions
Every app in the Android Market has a page that explains what permissions you need to grant it for it to work properly. However, if that app actually ends up trying to grab more permissions than listed, that’s a huge red flag. Be sure to read any permissions requests carefully—why is a game asking to see your contact list, for instance? If you suspect any Android app of being malware, go to Manage Applications in your phone settings to check what items it has access to.
4. Negative Reviews
It’s fairly obvious, though it bears pointing out: If an app has several user reviews condemning it as malware, it’s probably malware. But even if an infected app’s nefarious payload hasn’t been discovered, its doubtful the creator hasn’t taken pains to make the app any good, and the reviews will probably reflect that. Bad reviews aren’t often a smoking gun, though: malware apps usually aren’t in app stores long enough for these to be a real guide, but that leads to another tip: if the app is brand new, and it’s not from a brand you know, wait a few days before you download.
5. Location Matters
Unlike other mobile platforms, Android has several third-party app stores, of varying quality and legitimacy. On top of that, the official Android Market is not available in some countries. China is the most notable notable one, and it’s no coincidence that the majority of Android trojans appear to originate from there. Most foreign Trojan developers don't invest in high-quality English-language marketing materials. Things like broken English, some details left blank, and incomprehensible strings of characters should all have you running away fast.