By now, most of us know that when surfing the Web we shouldn't click on ads promising us new ways to lose weight without dieting, read emails about magic pills to boost our "egos" or even click on Twitter links about the "shocking" pictures some friend supposedly found of us online. That is, we know not to do those things from our computers. And hackers and cybercriminals know we know this, too. That's why they're targeting our smartphones.
A study by Trend Micro suggests that there are nearly 750,000 malware apps for Android users alone -- and that's just apps. A security company called Bitdefender documented a nearly 300 percentrise in Android-focused malware in 2013, though that's not limited to apps. And a Cisco security study issued last week showed that 99% of all the mobile malware out there targets Android users, noting that the fully 71 percent of Android users encounter some form of malware, either through apps, email phishing, "smishing" (the use of text messages to distribute malware) or other forms of social engineers.
Why the relentless focus on Android users? Well, for one, Android represents more than 80 percent of the new cellphones on the market, which makes it a better investment of a hacker's time. Next, the Trend Micro study found that the toolkits for creating this malware are readily available on the black market. Finally, several security researchers have identified a specific exploit malware makers can use to get into Android devices, which Google and Samsung identified not as a flaw, but as a "legitimate Android [function used] in an unintended way."
That keeps me up at night… and I don't even have a cellphone. (Kidding.)
So what's the average Android user to do?
1. Treat Your Smartphone Like a Computer
If you wouldn't click on it, open it, download it or go to great efforts to get it for free (like trying to pirate it) on your super-expensive laptop, don't do it on your smartphone. That "free" version of a legit app is something you might end up paying for when your phone starts spamming other users with texts you didn't send, and that "link" to supposed pictures of yourself is more likely a malware downloader than memories of Spring Breaks past. We all know what not to do "on the Internet" but, with a smartphone, you're always on your computer and on the Internet even when you're not at your desk.
2. Wait Until Later
Just because it's delivered to you with the immediacy of a smartphone doesn't mean you have to open it on the run. If it looks iffy, wait until you get home and use a URL expander to check where shortened links really lead, or call or email the friend who sent something that looks fishy. Nothing is that much of an emergency.
3. Download Apps From Only Verified Providers
Malware developers may simply take apps people want (but maybe don't want to pay for), update them with malware and upload them to the Google Play store for unsuspecting users to download. If you don't see a little blue icon next to the company's name in the Google Play store, they aren't a verified developer. And if you don't see a bunch of positive reviews of an app or you've scrolled through many pages of potential 99-cent apps to find this "great" free one, you might want to consider what, if anything, you'll really be saving if you download malware.