Mobile applications assist us mightily with our daily tasks. They increase our productivity with anywhere, anytime, high-functioning tools, and they help us communicate and share information with family members, friends, and co-workers. Every day, the rapidly evolving app market brings us more apps to cater to our needs. Sound good? Well, it is! But sometimes, there’s a big gotcha.
Are mobile apps secure?
Although Apple’s App Store for iOS performs a pretty rigorous app vetting process to verify compliance with Apple’s requirements, you can’t automatically assume that Android apps are equally as safe, largely because the app vetting process for Google Play is considerably looser, while for third-party Android app stores it’s looser still or nonexistent. Some mobile apps are compiled to perform suspicious functions, as with malware apps that have the capability to copy real-time data from the user’s device and transmit it to the cybercriminal’s servers. Malware apps are programs that execute in parallel to the processes running in the background of the mobile OS, and they can stay alive and may remain undetectable to the average user during normal use of the device.
Unfortunately, malicious Android mobile apps and mobile malware threats continue to proliferate, especially if there’s a compromise or attack against an app store itself, when the opportunity to turn legitimate apps into bad, rogue versions, as with fake banking apps, is at its highest. But it doesn’t stop there. Another form of malicious functionality includes injection of fake websites into the victim’s mobile browser in order to collect sensitive information, acting as a starting point for attacks on other devices the user owns. This type of behavior supports phishing attacks, or is a consequence of it. And because mobile apps are usually more precise than desktop apps with providing continuous device location information, personal health metrics, and pictures and audio about you, you can be far more exposed through mobile apps than you might expect.
Mobile apps can also sense and store information, including your personally-identifiable information (PII), in a variety of ways, a situation made dangerous through excessive granting of privileges and privacy rights given away right at the beginning, when you install the apps. You may have overlooked the fact that the app is requesting access to the camera or the microphone, or the app may be collecting and storing sensitive information that’s not consistent with its user license agreement or its description of purpose. You might have a security risk on your device because the app may be scanning or accessing files that are not part of its own directory—an indicator of malicious activity. And though many apps are advertised as being free to consumers, the hidden cost of these apps may be the selling of your “user profile” to marketing companies or online advertising agencies.
Finally, apps may also contain software vulnerabilities, right in the code, which are susceptible to attack. Such vulnerabilities may also be exploited by an attacker to gain unauthorized access to personal data and sensitive information.
Protect yourself from mobile app threats
Your best defense against malicious apps and their nefarious cousins is to install a mobile security app with a strong app scanner onto your device. Trend Micro Mobile Security for Android, for example, can provide a level of confidence that the applications you install on your mobile device are free from potential threats, privacy violations, and vulnerabilities. Its Security Scan taps into a service in the cloud, powered by Trend Micro Mobile App Reputation Service (MARS), that employs machine-learning technology to check the latest information and reputation of both well-known and unknown apps associated with any risks. MARS is paired with the local scanner on the device—which uses a combination of static analysis, (which examines the apps’ source code and binary code) and dynamic analysis (which operates by executing a program using a set of input use cases to analyze the programs’ runtime behaviors)—to examine the apps you wish to download, or those already on your device, for any threats.
That’s right: Trend Micro Mobile Security’s scan uses advanced inspection and classification technologies that are capable of scanning apps even before they’re downloaded and installed from Google Play. The pre-installation scan detects malicious and potentially unwanted apps and warns you against their installation right from the Google Play store. Apps that are already installed may be also manually scanned on-demand for threats, and if Trend Micro Security discovers anything suspicious, it gives you the option to uninstall the app. This means side-loaded apps (which are installed when an app’s APK is downloaded from either a USB device or a link from a forum or website) can be checked by Trend Micro Mobile Security for threats and malicious behavior—again using the MARS database in partnership with the local signature and the behavior analysis functions. Once found to be malicious, the side-loaded app can be uninstalled.
Trend Micro Mobile Security’s proven track record
In short, Trend Micro Mobile Security provides total app protection for your mobile devices, helps uncover potential threats, and provides much-needed software assurance when you install Android applications. It monitors how applications interact with your data and ensures that the apps you install are secure. Its app scanning capability is one key reason among others that Trend Micro Mobile Security consistently gets top scores for malware detection and usability from independent labs such as AV-TEST.
Trend Micro Mobile Security for Android, with its industry-leading Mobile App Reputation Service and Security Scan, is your best defense against malicious, fake, and infected apps.
For more information or to buy Trend Micro Mobile Security, both for Android and iOS, go to Trend Micro Mobile Security Solutions.