How to Guard Against Mobile App Security Threats

Keep your handheld safe from data-stealing software and other malware.

With the rapid increase in the use of personal mobile devices for work purposes, using discretion when downloading applications is more important than ever. Fraudsters are clever and know how to take advantage of mobile capabilities. For example, malicious applications purporting to be from a major bank are not uncommon and are often difficult to identify. They might appear to be legitimate, but they could put your personal information and any sensitive company data stored on your mobile device at risk.

Some things to know about malicious applications:

  • They can sometimes be found in authorized stores, claiming to be from legitimate institutions.
  • Data capture by a rogue application can go unnoticed for months.
  • Some mobile apps can unintentionally leak data or compromise your privacy.
  • Jailbroken phones are more susceptible to malicious apps because jailbreaking also breaks the security model on the phones.

Ways you can reduce the chances of downloading a malicious application:

  1. Only use reputable applications from trusted sources.
  2. Go directly to the desired vendor’s website for your applications and allow it to redirect you to the proper location instead of clicking on a link from an unknown site.
  3. Only install applications that you actually use and from sites you trust. Avoid tapping on advertisements.
  4. Analyze reviews from others prior to installing an application. Look for consistent feedback and any indications of problems.
  5. Use caution before downloading free applications. Most malware utilizes free applications.
  6. Check the service agreement (the one that you accept when you download the application). Look for any information regarding handling of your data.
  7. Make sure you know what information the app is trying to access. For example, when you install an app it will ask your permission for access. If an app asks for something that doesn’t sound necessary, don’t just click “OK” as it might be loading ads or communicating with a hostile site about your phone’s data.
  8. Pay attention to software updates. Malware authors could produce a harmless version of a game or utility program for a while to gain reputation and a user base, then introduce malicious code in an updated release. It may also be possible for apps to download new code on their own.
  9. Always have a backup available for your personal data; many cloud service providers offer this.
  10. Use security software. It may sound strange, having to install anti-virus or anti-spyware software on a phone. But if hackers can get in, who knows what could end up on your device?
  11. Take precautions when opening emails on your mobile device, just as you would when using an actual computer.
  12. Limit use of Bluetooth. Bluetooth capabilities on today’s smartphones may make it easy to talk hands-free, but they’re also a target for hackers who can take advantage of their default always-on, always-discoverable settings to launch attacks.
  13. Require authentication. In other words, use your device’s password function.
  14. Turn on encryption. It sounds obvious, but many people don’t consider it for their phones.

How to tell if you have a malicious application on your device:

  1. Keep an eye on the text messages your phone has sent.
  2. Watch your phone logs for anything unusual.
  3. Check your bill for unknown numbers.
  4. Monitor the battery. If the battery life deteriorates unusually fast, it could be an indication of malware.
  5. Realize that even after these other precautions, there’s still a chance you won’t be able to detect a malicious app.

If you discover a malicious application on your device:

  1. Immediately turn off the device.
  2. Remove the SIM card.
  3. Move out of range of Wi-Fi.
  4. Switch the device on.
  5. Remove the application.
  6. Monitor your device for anything unusual. If you still appear to be infected, the safest thing to do is wipe the device and restore from a previous backup.

 