Android is the most popular mobile operating system, which explains why Android-specific malware is the most common. There is another reason Android users are more exposed: Android lets you install apps from any source, not just from the one official store, as is the case with iOS.
On the one hand, this gives Android users a wider selection of apps. On the other hand, it compromises security because anybody can write an app and distribute it over all sorts of channels, be they app stores, ads, or discussion boards — you name it. Getting an Android device infected is the easiest thing in the world. Yet there are also ways to minimize the risk. Here are five basic rules you should follow to avoid problems.
1. Download apps from Google Play only
Google has an entire department specifically tasked with checking apps that end up in Google Play. Admittedly, malware still manages to find its way into the store. Yet the risk of downloading a malicious app from the official Google store is much lower compared with any other source; Google reps filter out the bulk of malware before it reaches users.
You might also trust other stores, as long as they are big and well known and have a policy of not accepting questionable apps from developers. The safer course of action, however, would be to disable the installation of apps from third-party sources in Android’s settings. By doing so, you will keep the device safe from the majority of Trojans that spread through ads and third-party sites.
2. Choose apps from trusted developers
A large company with a famous brand takes care not to distribute malware and tarnish its reputation, which is why it’s safer to download apps from well-known developers. You can look up the developer’s full name, list of published apps, and contact details in the extended app description in Google Play Store.
3. Check the rating and read user reviews
A high app rating in the store is a hallmark of a good, helpful, and safe app. You should still adopt a cautious approach, however: Sometimes fraudsters use Trojans to boost app ratings and publish fake user reviews.
That’s why a high app rating is not enough. User reviews are another important element. See if they seem to have been written by real people, not bots. Trojan-generated reviews are most often favorable and simply worded. Several identical reviews in a row is another red flag. In the case of trusted and truly popular apps, ratings seldom reach five points, and their user reviews are often detailed. You should probably also come across some negative reviews posted by users trying to get in touch with the developer to get app issues resolved.
4. Pay attention to permissions the app requests during installation
The system of permissions is an Android protection mechanism that controls how much freedom apps get. Permissions are used by apps to access specific functions and data (apps can do very little if permission has not been granted).
Read our blog post to learn what kind of permissions can be dangerous and what risks they pose. Most common dangers involve an app’s ability to collect your data (location, contacts, personal files) and perform certain operations such as taking photos or recording audio, sending messages, and so forth.
Before installing an app, carefully review the specific permissions it is requesting and evaluate these requests reasonably: Does the app really need these permissions — and why? Are the permission requests at all suspicious? In Android 6.0 or later you can also review, grant, or revoke permissions in device settings.
5. Use a reliable security solution
Whatever you intend to download, make sure that your device has a reliable security solution. There are two versions of Kaspersky for Android: the basic free version, which lets you scan apps manually, and the extended commercial version, which scans automatically.
An informed approach is what all these rules have in common. Before installing an app, ask yourself: Do you really need it? Do you trust its source? Do its permission requests seem reasonable? If you approach app choice with good common sense and some education on security issues, you will not have to worry about usability and digital safety.