Android may have a more open platform than Apple, but with that comes the potential for malware. Google is trying to take steps to fic that with things like Google Play Protect. With a little bit of care, though, it’s pretty easy to keep your phone safe and malware-free on your own.
This Cybersecurity Awareness Week article is brought to you in association with Incogni.
What Is Android Malware?
I’m sure you’ve heard the term “malware” (short for “malicious software”) before. It’s all too common of an issue on Windows, but you can’t really think of it as the same thing on Android. It’s not going to cause a bunch of popups, make your browser lag, install toolbars, or anything like that. It just doesn’t work the same way.
Instead, it’s a lot less in your face. Often, people won’t even know they have this garbage installed because it keeps itself more hidden on Android. A malicious app may disguise itself as a legitimate app, or it may hide itself from your view completely. All the while, though, it can run in the background doing any number of questionable activities, like stealing your private information and uploading it who knows where.
For example, 2018’s Skygofree malware did some pretty bad stuff—like having the option to execute some 48 different commands, turn on your phone’s microphone, connect to compromised Wi-Fi, collect tons of information, and more. It was a bad situation.
But don’t dump your phone and head for Apple just yet. It’s pretty easy to avoid malware on Android, as long as you’re even the slightest bit careful. Here’s what you should do.
Stick With Official Apps, and Be Cautious when Sideloading
One major thing that sets Android apart from other mobile operating systems is the ability to sideload apps—that is, install apps that aren’t in Google’s official Play Store. Most people won’t need to do this, but it can be handy if an app isn’t available in your country or the latest version of an app hasn’t rolled out to your device yet.
Unfortunately, this setting can be dangerous. Google is also actively taking steps to reduce the number of malicious apps found in the Play Store, but it has less control over what you choose to manually install—and if you’re installing apps that haven’t been vetted, you’re at a much higher risk for installing malware. That’s why the option to sideload is disabled by default.
When sideloading any app, take a few seconds to ask yourself if you trust the source. Is it coming from a legitimate place? For example, you’re probably safe if the app is coming from a trusted source such as APK Mirror, since all files are verified and approved before they’re allowed to be hosted on the site.
If, on the other hand, you’re downloading an APK from a site you don’t know, do some research first. Is this the developer’s website? Is the developer a well-known and trusted one? Have other people vetted this software? And while you’re there, just look at the site—how many ads are there? What is the quality of those ads? If there’s a lot of fishy stuff going on, odds are you should probably avoid it.
Avoid Third-Party App Stores
Because you can sideload apps on Android, that means you can also sideload third-party app stores. There aren’t many legitimate reasons to do this, though there are exceptions—like using Amazon’s Appstore for exclusive apps or deals and F-Droid for open-source apps.
But the general rule here should be this: just use the Google Play Store. It’s not perfect, but it’s still a lot safer than using some potentially janky third-party option that could be filled with all sorts of junk. Here’s how a bad situation could play out: let’s say you install a questionable third-party app store. You have to enable sideloading to install it in the first place, which allows you to use this app store to install more apps.
But what if this app store itself is malicious? Now, it has permission to install more apps so that it can install more malware. This is one of the primary ways malware is spread through the system.
For Crying Out Loud, Don’t Install Pirated Apps
This goes hand-in-hand with the above point and probably goes without saying—I really wish it did—but don’t pirate apps, you guys! Just like on Windows, pirating software is a great way to riddle your device with all sorts of questionable software. Who knows what you’re actually installing with pirated content because it’s not always what you think it is.
Also, you know, pirating software from hardworking developers is just a generally crappy thing to do. Developers are people who deserve to be paid for their work. So just don’t do it, okay?
Make Sure You’re Installing Official Apps, Even When Using Google Play
All the above said, Google Play still isn’t perfect. For example, there was once a fake Whatsapp listing in the Play Store, and it had been downloaded over one million times. It was such an impressive fake listing because even the developer’s name looked nearly identical to the actual developer of WhatsApp. That’s pretty scary stuff.
Again, Google is actively taking steps to reduce these kinds of problems, but a little due diligence can go a long way. When you’re installing a new app, be wary of anything that looks amiss. Check its permissions, read the description, and check the developer’s account. If something doesn’t look right, it probably isn’t.
Always Install System Updates
Google releases monthly security patches for Android, which help keep the system protected against attacks—especially when a specific vulnerability is found that malicious applications are trying to exploit.
While not every manufacturer will release updates as quickly as they should, it’s your job to install every one they do send out. They won’t all bring new features, but the stuff they do behind the scenes will keep you protected against these attacks. Take 15 minutes out of your day and do it.