By now, most of us know that when surfing the Web we shouldn't click on ads promising us new ways to lose weight without dieting, read emails about magic pills to boost our "egos" or even click on Twitter links about the "shocking" pictures some friend supposedly found of us online. That is, we know not to do those things from our computers. And hackers and cybercriminals know we know this, too. That's why they're targeting our smartphones.
A study by Trend Micro suggests that there are nearly 750,000 malware apps for Android users alone -- and that's just apps. A security company called Bitdefender documented a nearly 300% rise in Android-focused malware in 2013, though that's not limited to apps. And a Cisco security study issued last week showed that 99% of all the mobile malware out there targets Android users, noting that the fully 71% of Android users encounter some form of malware, either through apps, email phishing, "smishing" (the use of text messages to distribute malware) or other forms of social engineers.
Why the relentless focus on Android users? Well, for one, Android represents more than 80% of the new cellphones on the market, which makes it a better investment of a hacker's time. Next, the Trend Micro study found that the toolkits for creating this malware are readily available on the black market. Finally, several security researchers have identified a specific exploit malware makers can use to get into Android devices, which Google and Samsung identified not as a flaw, but as a "legitimate Android [function used] in an unintended way."
That keeps me up at night... and I don't even have a cellphone. (Kidding.)
So what's the average Android user to do?
1. Treat Your Smartphone Like a Computer
If you wouldn't click on it, open it, download it or go to great efforts to get it for free (like trying to pirate it) on your super-expensive laptop, don't do it on your smartphone. That "free" version of a legit app is something you might end up paying for when your phone starts spamming other users with texts you didn't send, and that "link" to supposed pictures of yourself is more likely a malware downloader than memories of Spring Breaks past. We all know what not to do "on the Internet" but, with a smartphone, you're always on your computer and on the Internet even when you're not at your desk.
2. Wait Until Later
Just because it's delivered to you with the immediacy of a smartphone doesn't mean you have to open it on the run. If it looks iffy, wait until you get home and use a URL expander to check where shortened links really lead, or call or email the friend who sent something that looks fishy. Nothing is that much of an emergency.
3. Download Apps From Only Verified Providers
Malware developers may simply take apps people want (but maybe don't want to pay for), update them with malware and upload them to the Google Play store for unsuspecting users to download. If you don't see a little blue icon next to the company's name in the Google Play store, they aren't a verified developer. And if you don't see a bunch of positive reviews of an app or you've scrolled through many pages of potential 99-cent apps to find this "great" free one, you might want to consider what, if anything, you'll really be saving if you download malware.
4. Keep an Eye on Your Bill
If you do download malware by mistake, even deleting the app might not end the infection. You should be checking your data and text usage to watch for spikes, as most malware is designed to send texts, steal and transmit data, or serve you with extra ads. If you notice usage spikes even if your behavior hasn't changed, have dropped calls that didn't used to drop or a battery that runs down faster than normal, these are other signs that you should back up your photos and factory reset (i.e., delete everything on) your phone.
Finally, if you think you may have been victimized by a malware attack on your phone or anywhere else, your personal information could be at risk. Monitor your accounts closely, check your credit reports (you can do that for free once a year), and use free tools like Credit.com's Credit Report Card to monitor your credit and credit scores every month. If you see something out of the ordinary, jump on it. The hackers are hoping you won't.