Look before you tap
You may be surprised to learn that most successful account breaches nowadays have very little to do with directly exploiting a service in order to gain access to your information. It turns out, more often than not, the weakest point in the chain is the user. As in, you.
Unfortunately, there’s not an automatic or third-party way to avoid this kind of social engineering. If you want to keep your device and your accounts free from this kind of malware, you’re going to need to look before you tap. No one has a pallet of PlayStation 4 consoles just waiting to be given away if you click this link and sign in to your Facebook account, and there are no tricks to get rid of stubborn belly fat that require you to install an app that isn’t on the Google Play Store. Just like on your computer, you have to be mindful of your behavior.
Do not leave ‘Unknown sources’ enabled
We can’t stress this enough here at AC, because it truthfully is Step 1 in protecting yourself from so many dangers in the mobile landscape. Every Android phone includes the ability to install apps that do not come from the Google Play Store. For the most part, this is a great feature. It’s how you gain access to cool things like the Amazon Appstore, and it’s one of those things that helps keep Android open and flexible. Unfortunately, very few of the apps that ask you to enable this feature so they can be installed tell you to go back and disable it once the installation is done. Leaving this particular door open on your phone or tablet is something that should never happen, no matter how savvy you think you are.
This really is something everyone should do. Head to Settings on your device, scroll to Security, and locate the option labeled Unknown sources. Uncheck the box, and while you are at it, steal your friend’s phone and make sure their box is unchecked as well. (And then chide them for not using a lock screen password.)
Avoid illegitimate apps
There are good reasons to install apps that aren’t in the Google Play Store, but maybe not as many as there used to be. Google has worked hard to set up user testing areas for companies that want to beta test new features, which used to be the biggest reason to sideload apps. There are legitimate apps that would violate Google’s Terms of Service by offering their own app stores or by offering content that Google disagrees with (adult apps, for example), but outside of these apps there’s not much left unless you’re playing with Root access on your device. Tackling Root security is an entirely separate beast that we’ll set aside for another day, but for the majority of users out there, all you really need to know is that you should only install apps from outside the Google Play Store if you know without a doubt the app is safe.
As for piracy, it turns out the folks who steal apps from hard-working developers and load them up on their own store for you to download for free aren’t the most trustworthy of folk. Crazy, right? These app stores could maybe be considered useful if you want to check out an app before buying it (because that’s totally what everyone who goes to those app stores is doing — cough, cough) but there’s zero regulation or moderation for most of these places. These apps could be tampered with, or the app could just be straight-up malware that is labeled as something else, and by the time that app hits your phone it’s already too late. The best course of action is to just stay away, and stop pirating apps. You’re better than that.
Read app permissions
Every app you install on any Android device must tell you what parts of the OS, including your personal data, that app is going to have access to. This information is shown to you in between you deciding to install the app and the software actually being installed on your device, giving you time to look over what that app wants access to. While it’s easy to treat this popup like generic Terms and Conditions popups on traditional computers, the ten seconds it takes you to read over this list and make sure you want whatever app you are installing to have access to your data could easily be what stops you from installing something that you consider adware or malware.
It’s ten seconds of your life. Read the app permissions, and don’t be afraid to ask why certain apps ask for the permissions you see in that list. While there’s usually a good reason for that permission request, you’re better off knowing for sure.
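For readers who want to run the same check on an APK file from a computer, here is an added example (not part of the original article) that reads the text printed by the Android SDK's `aapt dump permissions` command and lists the sensitive permissions worth asking about. The sample output, the app categories and the per-category baseline are constructed for illustration.

```python
import re

# Real Android permission names from the "dangerous" protection level;
# this subset and its plain-language labels are chosen for the example.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "your contacts",
    "android.permission.READ_SMS": "your text messages",
    "android.permission.SEND_SMS": "sending texts, which can cost money",
    "android.permission.RECORD_AUDIO": "the microphone",
    "android.permission.ACCESS_FINE_LOCATION": "your precise location",
}

# Hypothetical baseline of what each kind of app plausibly needs.
EXPECTED = {
    "game": set(),
    "messaging": {"android.permission.READ_CONTACTS", "android.permission.READ_SMS",
                  "android.permission.SEND_SMS", "android.permission.RECORD_AUDIO"},
}

# Accepts both `uses-permission: name='X'` and the older `uses-permission: X`.
_PERM = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return the permission names requested in `aapt dump permissions` text."""
    found = []
    for line in dump.splitlines():
        m = _PERM.match(line.strip())
        if m and m.group(1) not in found:
            found.append(m.group(1))
    return found

def questions_to_ask(dump, category):
    """List sensitive permissions requested beyond the category's baseline."""
    allowed = EXPECTED.get(category, set())
    return [f"{p} ({SENSITIVE[p]})"
            for p in parse_permissions(dump)
            if p in SENSITIVE and p not in allowed]

# Constructed sample output for a made-up chess app.
SAMPLE = """package: com.example.chess
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: android.permission.READ_CONTACTS
"""

if __name__ == "__main__":
    for q in questions_to_ask(SAMPLE, "game"):
        print("Ask why this app needs:", q)
```

A flagged permission is a question to put to the developer, not proof that the app is malicious.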
Good antivirus software doesn’t hurt, but it may not necessarily help
No matter what operating system you are using, there is no such thing as a total defense against the forces of malware, spyware, phishing, and in extreme cases even exploits that compromise your phone. We’ve seen everything from USB power stations that can execute malicious code when you decide to charge your phone at that free kiosk in the mall to chess apps that wait two weeks before asking you if you’d like to meet sexy singles in your area. While the software Google bakes into your phone does a very good job protecting you from most of the evils out there, it almost never hurts to have another set of eyes on the problem.
With a reputable antivirus app, you’ve got a couple dozen eyes backing you up. These companies employ security researchers that can help keep your identity secure while you browse the web, as well as help you with spammy callers and more robust remote security should your device be lost or stolen. You’re not going to get too much extra help when it comes to apps that are misbehaving, but if you look at the features offered by all of the apps that are out there you’re bound to find something that sounds better than nothing. It’s up to you to decide whether those features are worth using the app or not.