Android Alert: Five Security Threats You Didn’t Know About

When you think of viruses, spyware, and other security threats, you probably think of your PC. After all, that’s where the majority of these kinds of attacks take place. But malware on your mobile phone? Or even your tablet? Nah, that could never happen. Could it? Yes it could, especially if your mobile device runs the Android operating system. According to Juniper Networks, Android malware samples increased a whopping 472 percent in the period between July and November, 2011.

Hackers have declared war on Android devices, and you might get caught in the crossfire. Fortunately, as Sun Tzu famously noted in The Art of War, “If you know your enemies and know yourself, you can win a hundred battles without a single loss.” Here are the five biggest enemies you should know — and how to beat them at their own game.

1. SMS Trojans

According to that same Juniper Networks report, nearly half the malicious Android apps circulating today are SMS Trojans, which send text messages in the background (meaning without your knowledge) to premium-rate numbers owned by the hackers. The end result: a potentially huge surcharge on your monthly carrier bill.

By far the best way to stop an SMS Trojan is to avoid getting hit by one in the first place. For that, make sure to install an Android security suite designed to combat all kinds of threats, not just a few. Also, don’t install apps that look suspicious or sound too good to be true.

2. Carrier IQ

Late in 2011, a researcher discovered that a rootkit from software developer Carrier IQ was running on millions of mobile devices. Though not overtly nefarious, the code reportedly logs users’ locations and keystrokes (including passwords). Most troubling, all this happens without users’ knowledge and without the option to disable it.

To guard against this threat, get Carrier IQ Test, a free app that can detect and remove the unsanctioned software.

Adjusting the settings for additional security.

3. Preloaded apps

Your smartphone or tablet probably came with some “bonus” apps, software that’s not normally included with Android but was added by the manufacturer or carrier. Last December, researchers discovered that some of these preloaded apps contain serious security vulnerabilities, the kind that can be used to wipe a handset, steal private data, or even listen in on phone calls. Even worse, because many of these apps are “baked in” to the OS, they can’t be removed.

If you have Android 4.0 (a.k.a. Ice Cream Sandwich), you can at least hide and disable bloatware apps. Just venture into Settings, Device, Apps, tap All, tap the app you want to banish, and then tap Disable.

4. Fake Google Play stores

Earlier this year, Google transformed Android Market into Google Play, where it consolidated various services (apps, music, e-books, etc.). Shortly thereafter, cybercriminals began creating fake Google Play domains designed to trick users into installing malicious apps.

The way to fight this threat is to get smart. Don't attempt to install the Google Play app on your own by downloading it. Instead, follow the usual procedures to update your device's OS. Also, Android security software can detect and remove any rogue apps you might inadvertently install, so it’s a good idea to run anti-malware utilities on your mobile device.

5. Android/FakeToken.A

You get a text message from your bank: “Your account has been comprised! Tap here to sign in and update your password.” Tapping the link takes you to a realistic-looking site, complete with the bank’s logo. So you sign into your account — and, in the process, open the door to Android/FakeToken.A, a form of remote-control malware that can steal all kinds of personal data.

Never, ever tap a link contained in an email or text message, no matter how legitimate it looks. Instead, open your browser and connect to your financial institution directly, making sure the URL starts with https://. Even better, if the bank offers its own app, use that to access your account. And if you’re really concerned about a security breach, call the institution directly.

[ This sponsored article was written by IDG Creative Lab, a partner of TechHive. ]

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.

Subscribe to the Best of TechHive Newsletter