A one-in-14 chance would be great odds for a draw prize, but those figures don’t sound so hot when you’re talking about identity theft. That’s how many U.S. smartphone owners were victims of identity theft in 2012, a rate that’s 30 percent higher than it is for non-smartphone users. Unfortunately, identity theft isn’t the only risk when it comes to mobile security, where apps and other downloads make maintaining security pretty difficult.
Just how dangerous are those apps you download and use every day? Let’s take a look.
How Apps Make Your Device Vulnerable
A malicious app can cause a lot of problems on your mobile device. Just like malware on a PC, it can infect a mobile device with viruses or spyware, steal personal data, provide remote access to a cyber-criminal, or corrupt your operating system and render the device inoperable. The threat landscape for mobile devices is growing at an astounding rate. The Juniper Networks Mobile Threat Center (MTC) research facility found that from March 2012 to March 2013, mobile malware threats increased by 614 percent.
And here’s another surprising number: 92. That’s the percentage of threats aimed at Android users, who tend to make easier targets than those using iOS. While Apple devices can only run apps from the heavily regulated and closely monitored iStore, the Android OS permits open-source app development, which gives hackers a lot more room to play.
Risks for Consumer Apps
Apps for entertainment and personal use are often used by hackers to steal small amounts of money quickly from large numbers of people. Research released by Juniper Networks in June 2013 found that 73 percent of all known malware is either an SMS Trojan or a FakeInstaller. These programs trick people into messaging premium-rate numbers that appear to be free. Victims are usually prompted to do so in order to receive game bonuses or additional app features.
Each successful attack of this type brings in about $10. With multiple targets, the money adds up fast for hackers.
Another popular attack method for mobile apps is the perennial phishing scam. This scheme uses official-looking apps that ask for personal data, such as your email, social media passwords, or bank account information. Phishing is usually carried out under the guise of app permissions, similar to those required for some Facebook games. (Learn more about phishing scams in 7 Sneaky Ways Hackers Can Get Your Facebook Password.)
Risks for Business Apps
More people are working from their mobile devices, and the trend toward BYOD could represent a massive security risk for businesses as employees store and access sensitive data across a range of operating systems. Worse yet, there is no unified security protocol for mobile operating systems, particularly with the fragmentation of the Android platform. (Learn more about BYOD in The Three Components of BYOD Security.)
Some sophisticated attackers have built intricate botnets out of the popular FakeInstallers and SMS Trojans. Targeted attacks using these botnets are capable of accessing corporate networks through mobile devices and either disrupting them with distributed denial-of-service (DDoS) attacks or stealing high-value data.
Businesses also face threats from a number of legitimate apps. According to Juniper’s research, free mobile apps are 2.5 times more likely to access user address books, and three times more likely to track user location than similar paid apps. This behavior can give hackers access to sensitive corporate data.
How to Spot a Bad App
While there is no foolproof way to prevent every malicious app, there are several steps you can take to ensure as much security as possible. These include:
- Avoid jailbreaking your iOS device (or rooting your Android device). This leaves your core operating system open to attacks from malicious apps.
- Thoroughly read through the permissions an app requests before you complete the download. If the app is looking to access private data, skip it and look for something else.
- Look for the name of the app’s developer. If it’s a person or company you’re not familiar with, plug the name into Google and scan the results. Often, a quick search will reveal whether a "developer" has a history of releasing infected apps.
- Read through the app’s user reviews to see if anyone has experienced infection or other problems.
- Download a mobile security solution for your device that contains anti-virus and malware scanning capabilities, like Trend Smart Surfing for iOS or TrustGo for Android.
The few extra minutes you’ll spend protecting your device could save you from disaster down the road. Practice smart, safe downloading and you can keep malware away from your smartphone or tablet.