Android Virus Epidemic: Is Your Phone Infected?

This isn't intended to be one of those local TV news scare stories about the lurking deadly dangers of something otherwise innocuous – "Killer Power Car Windows!"

But the truth is, there are nefarious forces filling your Android smart phone with nasty viruses that can at least destroy your data and at worst steal your personal information.

Just how much danger are you and your Android phone in?

Juniper Networks reports a whopping 472 percent jump in malware (a portmanteau of "malicious software") in just the last five months. We may be talking about more than 10,000 malware programs lurking about.

According to a recent malware report from security software maker McAfee:

Last quarter the Android mobile operating system (OS) became the most "popular" platform for new malware. This quarter Android became the exclusive platform for all new mobile malware...Android is clearly today's target.

One prominent example: Last March, a piece of malware called DroidDream (aka Myournet) affected 50,000 users.

This malware epidemic will get worse before it gets better. As in all things, the criminals are smarter at figuring out how to wriggle through security holes than the good guys are at closing them – especially since many of the malware hackers commit their programmed chicanery outside of our jurisdiction.

Again, I don't mean to scare you, but this Android malware epidemic is a real and growing problem, and you ought not ignore it because it's not going away.

How do you get infected?

While there are semantic differences between "malware" and "virus," the two are essentially interchangeable – nasty things capable of (among other things):

• stealing private data from your phone such as bank account passwords, email addresses, etc.
• erasing your phone's data, such as all your Gmail
• eavesdropping on your communications
• sending spam email or text messages under your name
• "bricking" – disabling – your device

Malware and viruses can get onto your phone in a variety of ways, but the most common delivery method – and easiest to avoid – is via apps you download.

Hackers create realistic-looking Android apps that seem perfectly harmless – but are actually like grapeshot, a projectile that, once launched into your phone, explodes with shards of digital nastiness.

More malicious are cloned apps. Hackers download real apps, deconstruct them, load them up with viruses and malware, then repost them into the Android Market. (You'll see many versions of Angry Birds, for instance – the only legit ones are from Rovio Mobile.)

You can find out a lot more about the varying threats and the forms they take ("phishing," "Trojan horses," "botnets") by reading the Lookout Mobile Threat Report or the Juniper Networks Malicious Mobile Threats Report.

And here's a handy infographic on the topic, a segment of which is featured above.

What about iPhone?

You'll notice I seem to be picking on Android. That's because there is essentially no malware threat to your iPhone.

Why?

Android is an "open" standard – anyone can (and obviously does) play.

"The openness of the Android platform and ecosystem makes it easy for vendors to build products," notes Chris Jones, principal mobility analyst for the Canalys market research company. "There is no license fee and no review process, which means a lot of apps are going in there that are potentially threatening to the consumer."

Apple, conversely, is a "closed" ecosystem. The iTunes App Store is "curated" – Apple screens requests for its iOS Software Development Kit (SDK), and then examines and tests each and every one of the 400,000-plus apps in its App Store. Apple has been remarkably vigilant in keeping iPhones safe from evil-doers.

An iPhone is vulnerable only to these malware threats if you stupidly "jailbreak" it – digitally overriding Apple's iOS' limitations to install non-authorized apps and perform unauthorized functions. Jailbreaking your iPhone is akin to opening the front door to your home, then putting a big neon arrow above it with the message "ROB ME!" Don't even GO to a Web site with instructions for jailbreaking – these sites may contain malware.

Infection prevention and cures

First and foremost, you can easily avoid downloading malware-infected apps – don't download anything from a "vendor" that doesn't have a legitimate Web site, a low rating, or has a small number of downloads.

But there are other ways malware-infected apps can get onto your phone other than through apps. When browsing the Web on your phone, you may unwittingly hit a link that surreptitiously downloads a malware-filled app. Or, you may unwittingly hit a link in an email that triggers a malware download.

If you see an icon for an app you've never seen before, uninstall it using the Applications settings in Settings (dragging it to the trash only removes the app's icon, not the app itself). You can completely uninstall an app via the Manage Applications Settings–Applications option.

In some versions of Android, you can uncheck a box in Settings–Applications to restrict installation of non-Android Market applications.

But your best protection is anti-virus/anti-malware software.

"Mobile security software is the same as sun screen – make sure it blocks both UVA and UVB rays," metaphorically advises Kurt Scherf, VP & principal analyst and market research firm Parks Associates. "Mobile security protects and constantly scans for viruses, but also blocks incoming spam texts and offers a degree of privacy protection."

Three of the big four carriers have given their imprimatur to MyLookout; the app is preloaded on newer Android phones sold by T-Mobile (you still have to activate it – it's the app with the green shield icon), and Verizon and Sprint feature MyLookout in their sections of the Android Market.

MyLookout is free, and it also backs-up your contacts, restores lost data and will find a lost or stolen phone.

My favorite MyLookout feature: even if your lost/stolen phone is muted, via the Web you can activate a loud siren that'll shriek for a minute. Not only does this make it easy to find in case your phone fell under or behind something in your home, but you can keep the siren blaring to drive a would-be thief to distraction.

You can upgrade to a MyLookout Premium version for $29.99 a year (or $2.99 a month) to block other mobile maliciousness. Both the free and premium versions can be downloaded from the Android Market.

Another excellent anti-virus/anti-malware is BullGuard Mobile Security 10, also $29.95 a year. Among its protective attributes, BullGuard lets you remotely wipe sensitive data off your lost/stolen phone.

You can read ratings and reviews of other security programs from Top Ten Reviews from publisher Tech Media Network here and from AV-Comparatives here. CNET has warned against free non-name security apps (Lookout and Norton, for instance, were excluded from the reported AV-Test test).

But the important thing is, choose one before you and your Android phone become a malware casualty.