Just how dangerous are those apps you download and use every day? Let's take a look.
How Apps Make Your Device Vulnerable
A malicious app can cause a lot of problems on your mobile device. Just like malware on a PC, it can infect a mobile device with viruses or spyware, steal personal data, provide remote access to a cyber-criminal, or corrupt your operating system and render the device inoperable. The threat landscape for mobile devices is growing at an astounding rate. The Juniper Networks Mobile Threat Center (MTC) research facility found that from March 2012 to March 2013, mobile malware threats increased by 614 percent.
And here's another surprising number: 92. That’s the percentage of threats aimed at Android users, who tend to make easier targets than those using iOS. While Apple devices can only run apps from the heavily regulated and closely monitored iStore, the Android OS permits open-source app development, which gives hackers a lot more room to play.
Risks for Consumer Apps
Apps for entertainment and personal use are often used by hackers to steal small amounts of money quickly from large numbers of people. Research released by Juniper Networks in June 2013 found that 73 percent of all known malware are either SMS Trojans or FakeInstallers. These programs trick people into messaging premium-rate numbers that appear to be free. Users are usually prompted to do so in order to receive game bonuses or additional app features.
Each successful attack of this type brings in about $10. With multiple targets, the money adds up fast for hackers.
Another popular attack method for mobile apps is the perennial phishing scam. This scheme uses official-looking apps that ask for personal data, such as your email, social media passwords, or bank account information. Phishing is usually carried out under the guise of app permissions, similar to those required for some Facebook games. (Learn more about phishing scams in 7 Sneaky Ways Hackers Can Get Your Facebook Password.)
Risks for Business Apps
More people are working from their mobile devices, and the trend toward BYOD could represent a massive security risk for businesses as employees store and access sensitive data across a range of operating systems. Worse yet, there is no unified security protocol for mobile operating systems, particularly with the fragmentation of the Android platform. (Learn more about BYOD in The Three Components of BYOD Security.)
In the class of popular FakeInstallers and SMS Trojans, some sophisticated attackers have developed intricate botnets containing this type of malware. Targeted attacks using these botnets are capable of accessing corporate networks through mobile devices, and either disrupting them with distributed denial of service (DDoS) attacks, or stealing high-value data.
Businesses also face threats from a number of legitimate apps. According to Juniper’s research, free mobile apps are 2.5 times more likely to access user address books, and three times more likely to track user location than similar paid apps. This behavior can give hackers access to sensitive corporate data.
How to Spot a Bad App
While there is no foolproof way to prevent every malicious app, there are several steps you can take to ensure as much security as possible. These include:
- Avoid jailbreaking your iOS device (or rooting your Android device). This leaves your core operating system open to attacks from malicious apps.
- Thoroughly read through the permissions an app requests before you complete the download. If the app is looking to access private data, skip it and look for something else.
- Look for the name of the app’s developer. If it’s a person or company you’re not familiar with, plug the name into Google and scan the results. Often, a quick search will reveal whether a "developer" has a history of releasing infected apps.
- Read through the app’s user reviews to see if anyone has experienced infection or other problems.
- Download a mobile security solution for your device that contains anti-virus and malware scanning capabilities, like Trend Smart Surfing for iOS or TrustGo for Android.