The risks to Android phones and tablets from malware -- or software written with 'malicious intent' -- are rising rapidly. These threats are multiplying faster than gremlins in a swimming pool, so how do you protect your device from evil doers' dirty deeds?
Just like on Windows computers, malware can steal credit card information and contact lists. However, recent reports say that the most popular malware 'payloads' are currently premium SMS apps to steal your money. Another way in which malware could compromise you is by recording your phone calls and sending them on to some unscrupulous hacker.
Scared? Fret ye not, because there are ways to minimise the risks from malware and other security risks. Read on to find out how.
How malware gets onto your Android device
The ways malware gets onto your device are called attack vectors. These range from untrusted apps downloaded from the Google Play store onto your mobile, to someone simply stealing your phone. But the most likely way malicious code will be used on your device is through 'social engineering'. In other words, tricking you.
For every popular mainstream application, for example, there will be another app with a slightly different name, created in the hope of fooling users who are not discerning enough in their Play store searches. Not all of these are malicious, but do be sure to avoid them anyway. (The main benefit of Apple's closed-door policy is that the iOS App Store is largely free of these duplicates.)
Even though Android apps ask for certain permissions from you when you install them, this level of security is largely redundant, since most apps ask for multiple permissions -- even the good ones -- and who has the time to assess the potential risks with every single app? All the more reason to make sure the products you obtain are genuine and not dodgy imitations, then.
You also need to be aware that, if you've installed a custom ROM, your device is necessarily rooted. This means malware can exploit the operating system to grant itself root permission and install extra software without any interaction from you.
Basic tips and behaviours to protect your phone
The first line of defence in any form of cyber security is to modify your behaviour. For instance, keep as little personal information on your phone as possible. Don't keep passwords and credit card details in unencrypted files.
Similarly, when your mobile browser asks to remember your passwords, just say no! Instead, use a secure solution such as LastPass. See our guide on how to setup LastPass here.
Android has plenty of ways to physically restrict access too. Browse through the options in the Screen Lock section of the Security section of Settings. There you can set a PIN, password or a pattern to swipe on the screen. For more examples, see our guide on how to make your Samsung Galaxy S3 more secure.
Even if someone can't gain physical access to the user interface of your Android device, they could always try to get at your data via the USB port. To defend against this, use the built-in encryption option to encode all of your data and settings. It takes an hour to encrypt everything, so you will need a fully charged battery or run from mains power.
You should also be careful about what you install on your device from the Play store -- as the old saying goes, beware cheap imitations. To keep this threat in context, however, Symantec maintains an audit of the number of malware-infected applications in the Play store. Out of 120,472 entertainment apps, only two were known to be infected with malware. What you should think twice about doing, though, is enabling the 'Unknown sources' option in your security settings that lets you install any old .APK file.
You should always keep your device updated with the latest firmware updates -- although devices locked to a network are usually slower to receive these.
Avoid wireless promiscuity too -- don't have Bluetooth enabled if you don't need it, and avoid using unencrypted Wi-Fi hotspots as you'll end up broadcasting your Google account details to anyone with packet-sniffing software.
Anti-malware recommendations
Most of the time, the behavioural defences above are enough to keep you safe against the statistically low chance of being infected by malware. But if you feel you're a particularly high-risk case, it's worth installing an anti-malware application to make sure your device does not get infected.
A recent survey by anti-virus benchmarking site av-test.org showed that the following anti-virus and anti-malware suites had a 90 per cent or higher success rate in detecting known threats.
- avast! Mobile Security (also features a firewall for rooted users)
- Lookout Security & Antivirus
- Dr Web Anti-virus
- F-Secure Mobile Security
- IKARUS mobile.security
- Kaspersky Mobile Security
- Zoner AntiVirus
- McAfee Antivirus & Security
- MYAndroid Protection Antivirus
- NQ Mobile Security & Antivirus
Managing a lost device
If you happen to lose your device, there are services out there that will track it for you, so you can look up its location. These services also let you remotely lock the phone or even erase all of your data in the unfortunate event that you cannot recover the device.
We've already written a guide about using Lookout on your Android device, but there are alternatives such as Klomptek's Track&Protect. Lookout also makes Plan B, which is supposed to be a retroactive solution to tracking a lost phone -- however, in my testing, it failed to work automatically as it was supposed to.
The services mentioned above usually cost money, but if you only want to track your device free of charge, then check out Where's my Droid.
Secure your networking
To stay secure, you also need to think about your network connection. If you need a firewall, DroidWall is a popular choice. Firewalls are probably overkill, as your home Wi-Fi router and your mobile network will both offer some firewall-like protection.
Virtual private networks (VPNs) allow you to encrypt all of your communications, which is invaluable if you use lots of unknown Wi-Fi, or even worse, unencrypted hotspots. Some to check out are WiTopia, Relakks and IPredator.
Image credits: Laihiu, Greyweed, RiRi Trautmann.
Android App 
RSS Feeds 
iPhone App 
Newsletters
Comments 33
Add your comment
anonymous 17 October, 2012 11:52
or just get an iPhone and not hace to bother with all this hassel and rubbish.
built in security? tick.
anonymous 17 October, 2012 12:03
Anti Spy Mobile Free doest the perfect job for Android!
DPC666 17 October, 2012 12:13
Or just use your common sense, it's not difficult
anonymous 17 October, 2012 12:25
@ anonymous 17 October, 2012 11:52
But I'm guessing not a built in spell checker?
I'm sure there was 1 dodgy spyware app got past Apple and was on the store
anonymous 17 October, 2012 13:10
Tere are some great password/identity managers out there. I'd suggest Password Genie for Android
anonymous 17 October, 2012 13:19
@anonymous 12:25 - it was one simple letter that is next to each other on the keyboard.
does it really make that much difference? you obviously understood what the post meant.
admit it, apple and iOS is a much bette operating system security wise, without the need for extra apps or an anti-virus protection put on any of their devices.
android fan boys just can't hack it.
anonymous 17 October, 2012 14:09
Only reason apple is so secure is because they lock you down to what they want/allow you to install. Maybe it's time you admit that. I'll take my chances with android tyvm.
anonymous 17 October, 2012 16:01
Thank you for the information cnet.
I am a recent returnie to Android and this information is useful. With regards to the iPhone conversation, I would say having had an iPhone 4 for 2 years before I changed to my SGS3. iOS is mostly secure, most of the chances that malware developers have to infect a smart device are covered by iOS. But I must say add to this comment that iOS although is very successful, it has not evolved in quite a while.
But the iPhone is still a good phone, present iPhone 5 problems aside that is.I have also read that Apple are now tracking what people use their iPhones for and where they go again. So we will what happens there.
All the best everyone.
anonymous 17 October, 2012 16:07
I have never got any malware.
I sometimes install a mobile security scanner when articles like this scar me, scan - find nothing - then just uninstall the scanner
When I install an app i quickly read a few of the ratings just to check there is no air-push ads because they are annoying
anonymous 17 October, 2012 18:02
@anonymous 17 October, 2012 13:19
Much better?
I own an Android phone now and had one prior to this one too. Can't say I have ever had a virus or malware affect my phone. Therefore your over generalisation is daft.
Plus, calling Android phone users "fan-boys" shows the level of maturity that you possess. Or rather, lack thereof.
CaptainPicard 17 October, 2012 18:27
I use security software on my droid, does CNET advocate I download Barclays Ping It and similar apps?? And many banks provide free top of the range security software for phones plus any money lost to malware scams and hackers can be compensated by most banks.
anonymous 18 October, 2012 09:20
iPhone secure? How foolish you are!
Ichi_Bear 18 October, 2012 12:17
I use avast! It has worked well for me so far. I don't root my Android phone now or install custom ROMs for security reasons. I've always been a bit wary of them :-\
anonymous 18 October, 2012 12:18
The tests are outdated - were conducted in march 2012 ...
Ichi_Bear 18 October, 2012 12:18
I use avast! It has worked well for me so far. I don't root my Android phone now or install custom ROMs for security reasons. I've always been a bit wary of them :-\
anonymous 18 October, 2012 13:27
So..
Since the apple fanboys are on here speaking of how secure the iPhone is, I would just like to remind you that the iPhone can be Jailbroken by going to a website. Jailbreaking an iPhone does what again? Oh, that's right, it gives you root access.. But thats not unsecure. Save your little fingers from typing that Jailbreaking is not the same... My point is that something as simple as going to a website opens a vulnerability in the iOS software.
Both Android and iPhone are vulnerable, and always will be, just like MacOS, Windows, Linux, what-have-you. But these end up being more vulnerable from the third party applications that run on them... Did someone mention Adobe? No? Oh well then..
It doesnt matter what the Apple/Android store or the OS running does, all your data is sold by the carrier, and you being on a WiFi network allows someone to intercept any packet they want. Get over it.
anonymous 20 October, 2012 08:29
As the author mentions, I also had concerns about my private data like emails,files and other stuff.
Since most of my communication especially these that must be encrypted is done by email,I’ve looked for a secure email app for my Android device.
I must say that the default email app in Android is defiantly not secure, I've looked around for a good email app with robust security features.
I found several business apps but after doing some benchmarks I decided to use Emoze to secure my Android device .
The OTA protocol has two layers of encryption ,AES bundled with SSL which is pretty much immune to MITM attacks.
Emoze security features allows you to find the device location by SMS or email ,remote wipe or block by SMS as well as to encrypt your files and private data.This is cool because you don’t need PC connected to the internet to get the job done ,you can simply send SMS to your phone number to
activate the security process.
James Skinner 20 October, 2012 19:35
in the future android updates there should be an inbuilt antivirus
anonymous 21 October, 2012 15:54
I would get an IPhone and skip all this hassle if the iphone could do all that I can do on my phone.
anonymous 21 October, 2012 17:35
Yes Android is very unsecure, that's why the US government wants to adopt them as the prime choice for their military. Clearly the US military is not concerned with security right?
http://www.cnn.com/2012/02/03/tech/mobile/government-android-phones/index.html
anonymous 28 October, 2012 02:55
Check out Ding Dong Doorbell on Google Play! https://play.google.com/store/apps/details?id=com.flippingorilla.doorbell
anonymous 25 November, 2012 21:11
Get an iPhone? How childish is that answer. IPhone's can get virus' too. IPhone security is not fool proof, especially if your iPhone is jail broken. ANY operating system can be hacked, and that includes ios and MacOS. Please contribute usual answers not uninformed, childish, Apple fanboy gibberish.
anonymous 26 December, 2012 04:32
So no mention of Tectdroid? It's the only app in the world that gives users photo security when someone tries to access your lost or stolen phone legally. No root or jailbreak needed. Oh it's also currently half price at 99c!
Www.tectdroid.com
anonymous 27 December, 2012 10:56
For Android users without root permissions Droidwall won't be any help. Mobiwol is a new free firewall app available on the Play market that doesn't require root access and gives users the option to disable web connectivity of their choice of apps. good app to download since most users don't only surf over their home network. this way can block any suspicious activity.
http://www.mobiwol.com
https://play.google.com/store/apps/details?id=com.netspark.firewall
anonymous 1 January, 2013 13:57
David Gilson is working for Google. How else can you write a story that tells you it is not that bad as long as you just do not use your phone/organizer for anything else then being source and medium for Google to measure and manipulate behaviour?
anonymous 2 January, 2013 15:24
"WHO SPY" is a new security tool, enable you to make a fast review of the applications installed on your device,
and the permissions you gave them to access your private data.
https://play.google.com/store/apps/details?id=com.astal.whospy
anonymous 8 February, 2013 06:12
I see some typical iSheep responses on here. iFags are so clueless they crack me up.
anonymous 19 February, 2013 09:25
For virus security purpose, there are lot of anti virus software available in a market. You can easily purchase it for your Andorid phones.
anonymous 11 March, 2013 17:44
We can just suggest you to take a VPN whenever you use a
public network and want to avoid any eavesdropping.
---
www.cryptip.com
anonymous 29 April, 2013 03:54
yeah get an iPhone! my home network, wifes galaxy tab 2, our PC, and her iphone were hacked. my GS3 was not affected though. don't be a fool and think because its an Apple than no one will get into it.
anonymous 29 April, 2013 11:11
you could mention the app called CERBERUS
https://www.cerberusapp.com/
it's one of the most secure and feature rich apps i have seen and used.
anonymous 29 April, 2013 13:15
Not a fair reference and inaccurate....March 2013 found Avast 6th from bottom for protection - Not good. The biggest omition is the AVG - the most popular Antivirus as not tested. It is like saying the iPhone is the best smart phone without including the HTC One in the test?
anonymous 21 May, 2013 22:21
Thanks 4 ur new information.I had an idea of all but didn't knov all these stuff a more abt.ThaAnks a loooot:-)