There's been much controversy over mobile OS security, especially where Android is concerned. With 47% of the smartphone market in Q4 of 2011, according to ABI Research, it's no wonder that Android is getting attention.
Its openness fuels adoption by smartphone manufacturers and wireless carriers, aids in mobile innovation, and helps bring more free apps. But some, like those who develop security apps, think its openness also makes it an easier target for malware writers and cybercriminals.
Android Malware Growth
Depending on where you go, you'll find varying stats on the amount of Android malware we've seen thus far. This is complicated by the fact that most of the information available about malware comes from security vendors, who obviously have a pony in the anti-malware race.
One thing they all agree on is that the amount of malware targeting Android has been growing. For instance, a report from Trend Micro (PDF) includes a chart that shows a large spike in the amount of total Android malware in 2011. Meanwhile, according to NQ Mobile , cases of malware increased from 4,781 cases in 2009 to 10,369 cases in 2010 and 22,600 cases in 2011. And according to Lookout, the likelihood of Americans encountering Android malware went from 1% in the beginning of 2011 to 4% by year's end.
But the vendors don't always agree. For example, at the end of January, Symantec announced that 13 apps in the Android Market contained malware. Other security vendors disagreed; Symantec later backtracked and said that the code it thought was malware was really from an aggressive ad network.
Meanwhile, Google has reported a 40% decrease in the number of potentially malicious downloads from the Android Market from the first to the second half of 2011. (Of course, Google is only accounting for the official Android Market, while the security vendors also scan third-party app markets and websites from around the world.)
In addition, Google recently announced an internal malware scanner called Bouncer that scans apps submitted to the Android Market. And if something does slip by Bouncer, Google can remove the Market listings for malware apps and even remotely remove them from devices.
Android Malware in the Wild
However, all these varying statistics and countermeasures don't mean that there isn't bad stuff out there.
For example, in the spring of 2011, Lookout identified a Trojan app called GGTracker that was distributed via malicious websites that mirrored the Android Market. Once downloaded it could sign the victim up to premium SMS subscription services without their permission, charging the user's wireless carrier account. And the DroidDream Trojan, discovered in March 2011, was found in more than 50 apps in the Android Market. It could gain root access to Android, steal data and install more malicious apps.
What follows are reviews of five free anti-malware apps for Android devices: Avast Free Mobile Security, AVG Mobilation Anti-Virus Free, Lookout Mobile Security, Norton Mobile Security Lite and NQ Mobile Security. I've reviewed each of these apps based on what features it has available and how well the interface works. Most also offer for-pay versions that have additional functionality, which I've noted where it exists.
And many of them (in free and/or paid versions) don't only scan for malware and offer preventative measures, but provide anti-theft features as well -- such as alarms that can be triggered remotely (to call attention to the thief) or the ability to lock and/or wipe the device.
If you're reluctant to use a security app, perhaps it would help if you think of it as the equivalent of chicken soup: It can't hurt -- and could possibly keep help keep away any nasty infections that may be lurking about.
How to Secure Your Android Device
Here are some things you can do to dramatically reduce the risk of malware infections on your Android phone:
Use the official Android Market instead of third-party app stores or websites, especially now that Bouncer is used to monitor for malware. If you want to help ensure that you only install apps from Android Market, you can turn off the ability to install apps from unknown sources in by going to Settings and then to the Security menu (in Android 4.0 or later) or the Applications menu (in earlier versions of Android).
Research apps before downloading: Check the publisher and app reviews.
Pay attention to app permissions during the installation and check the market listing or developer for an explanation of any suspicious permissions.
Install an antivirus/security app.
Be wary of phishing scams and malware via the Web browser or SMS messages.
Be cautious if you root your device and keep an eye out for the Superuser prompts that are displayed when an app requests root permissions. Rooting allows you to use some powerful apps and even enhanced security functionality, but at the same time increases potential damage from infections.
To protect your Android device against local attacks -- a thief or snooper -- enable lock screen security (or, if you're one of the lucky few who already have Ice Cream Sandwich, you can test out the new Face Unlock feature.)
Finally, to prevent any malicious apps from sending messages to a number that will automatically charge your account, see if your wireless carrier can block the ability to sign up for premium SMS subscriptions.
Next Page: Mobile security app reviews...