How secure is your smartphone?

Most people now know that all PCs connected to the internet should have anti-virus software. But should people have the same attitude to smartphones and tablet computers, especially those running the Android operating system?

Until recently, there was little malicious software for smartphones but the popularity of Android devices has changed this.

Because Android is an ‘open’ operating system, anyone can get an app published with few checks to verify its legitimacy. Furthermore, Android apps can be downloaded from unofficial sources with no checks at all performed.

People shouldn’t download software from a source they don’t trust, but plenty do.

Paranoid Android
In January 2010, the first phishing app appeared on the Android Market. A developer called Droid09 published a fake online banking app that asked users to enter financial details, which gave scammers access to users’ banking information.

The trend continued with more rogue apps – in August 2010, a media-player app appeared to just play music but in the background it was sending out text messages without the user’s consent.

In March this year, Google removed 58 potentially malicious apps from the Android Market, but not before they had been installed on some 260,000 devices.

Catalin Cosoi, head of the online threat lab at security company Bitdefender, says lax security is a big problem. “Unlike Apple, which imposes strict safety checks for its applications, Google welcomes any developer and their applications,” he explains.

“The time between the developer uploading an application and its publication on the market is kept to a minimum. However, the relaxed policies have been abused by some developers who have pushed malicious applications," Cosoi said.

More people are buying Android phones every day and as the numbers grow, so do the security threats. Bitdefender has found a nine-fold increase in Android threats since January 2011.

The way we use smartphones makes them ideal targets; valuable details such as names, emails, appointments, text messages, addresses and much more might all be stored on a handset.

Some malicious apps try to take such information from a phone while others use the phone to send premium-rate text messages from which the scammers profit.

Access prohibited
Security on the Android Market isn’t as strong as it should be. Vicente Diaz, senior security researcher at anti-virus company Kaspersky, says that Google is being irresponsible.

“I believe maybe it was for market share,” says Diaz. “Google needs to offer nice figures, to say ‘Now we have more applications than Apple.’ Still, I believe they should be doing some checks. There are some applications that should never have reached the market.”

Google declined to comment on Mr Diaz’s accusation.

A second problem is legitimate apps that have questionable hidden ‘features’. One such application – a free-to-download ‘torch’ that lights up the phone – asks for access to the internet, the number and serial number of the phone and details of dialled numbers, even though there is no reason for it to have those details.

The Apple iPhone is conspicuous by its absence from these discussions. The iOS operating system, also used on the iPad, is very different – it is a closed system with strict approval policies for apps.

Everything that appears in the iOS App Store needs prior approval from Apple and the chances of a malicious app making its way through are slim. Apps for iOS may only be bought through the official App Store – this ensures Apple gets a cut of every purchase but it also increases security for users.

Clear danger?
While some anti-virus companies have been publicising the problems with malicious Android apps, the scare stories should be taken with a pinch of salt – companies that sell anti-virus software will tend to emphasise security threats.

However, it’s true that scammers have discovered the possibility of using the Android operating system to commit crimes and there is a fast-growing market for malicious applications. Android users should be careful what apps they install and where they install them from.