When you’re evaluating mobile device management solutions, make sure that your service has the ability to scan for and eliminate Android malware so that you can keep it out of your network. Consider these statistics from a recent mobile security survey:
• The number of Android malware programs rose from 25,000 in 2011 to 65,000 in 2012.
• 11 million Android devices were infected in 2011. In 2013, 33 million were infected.
• The top five countries for Android infections were China, India, Russia, United States and Saudi Arabia.
• Ninety-four percent of all mobile malware is written for Android.
How Android Gets Targeted: App Repackaging, Malicious URLs and Smishing
The most common way of targeting Android users, which is called app repackaging, involves taking a normal app from Google Play, altering it with malicious code and offering it within an unofficial app store. Even within Google Play, apps don’t go through the type of vetting process required by Apple’s App Store, which means that users can download corrupted apps from Google Play itself.
China may be the world’s top country for Android exploitation. Google Play can’t sell paid apps in China because of its opposition to Chinese government privacy policies. As a result, Chinese users have to sideload many Android apps from unofficial stores. A study from the University of California at Davis found that Chinese social networking apps often have sloppy code that malware creators can easily exploit. Also, a study from the Chinese government found that two-thirds of Chinese-made apps read user data, and one-third of them read data that has nothing to do with their stated purpose. Additionally, 15 percent of Chinese-made apps make calls and send texts that the user doesn’t know about.
Android users can also download malware from malicious websites. Slight changes to a URL can take a user’s browser to a website that may ask them to input personal information. A malicious site may also portray a malicious piece of software as a legitimate program for downloading. Another way that cyber criminals target Android is through “smishing.” Smishing involves sending an unsolicited SMS that contains a malicious link. If the user taps the link, then the Android device downloads a malicious app. In many cases, these apps give the creators access to premium text messaging services on the victim’s phone. Premium text messages are then sent without the user’s knowledge, resulting in a gigantic phone bill.
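The look-alike URL and smishing checks described above can be automated on the defensive side, for example in a mail or SMS gateway. The following Python filter is an added example, not part of the original article: it extracts links from a message and flags hosts that differ only slightly from an allowlisted domain. The allowlist, the sample domains and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: domains the organisation's users legitimately visit.
TRUSTED = ("example-bank.com", "play.google.com", "examplecorp.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, trusted=TRUSTED, max_dist=2):
    """Return (verdict, matched_trusted_domain_or_reason)."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    for t in trusted:  # exact match or a real subdomain of a trusted domain
        if host == t or host.endswith("." + t):
            return "trusted", t
    if any(label.startswith("xn--") for label in labels):
        return "suspicious", "punycode label"  # may hide look-alike characters
    for t in trusted:
        # Trusted name placed in front of another domain: example-bank.com.x.test
        if host.startswith(t + ".") or "." + t + "." in host:
            return "lookalike", t
        # Slight spelling change in the host or in any parent-domain suffix of it
        for i in range(len(labels)):
            if 0 < edit_distance(".".join(labels[i:]), t) <= max_dist:
                return "lookalike", t
    return "unknown", None

def scan_sms(text):
    """Extract every http(s) URL from a message and classify its host."""
    findings = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL, e.g. broken IPv6 brackets
            host = ""
        findings.append((host, *classify_host(host)))
    return findings
```

An "unknown" verdict only means the host is not close to anything on the allowlist; it is not a statement that the link is safe.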
Keeping Android Devices Safe
Teach your employees to follow these tips that will enhance Android device security:
• Only use Google Play. Never sideload an app from an unofficial app store because these apps don’t go through Google’s vetting process.
• Check URLs. Never fill out an online form or click a link without first verifying that the Web address is legitimate.
• Avoid tapping links from suspicious sources. Whether you’re looking at an e-mail or an SMS, avoid clicking links. If it’s an official-looking message, like something from your credit card company, then log in to your account through the company website instead of by clicking the link.
• Avoid adult content. This is good advice for any employee who’s using a company-issued device or using his or her own device to access the company network. It’s also good advice because sophisticated websites are riddled with malware.
• Keep your software updated. You wouldn’t fail to install a Windows patch, would you? Of course you wouldn’t. The same applies to Android. Update your software immediately because these updates often seal up known vulnerabilities.
• Track your device. If you lose your Android phone or tablet, then make sure that you have an app that will track your device. It’s also crucial that your app allows you to remotely wipe the device.
Your employees’ beloved Android devices aren’t going anywhere anytime soon. However, a good mobile device management program and some common-sense training will make your network much more secure.