Sunday, 19 June 2016

Protect Your Android Phone From Malware

Protect Your Android Phone From Malware

Security software for Windows is now on Android, but which apps are best, and what are the risks? Roland Waddilove investigates

Is your Android phone or tablet at risk from malware? There are frequently reports of viruses, trojans, spyware and other security flaws in Android, but just how bad is the situation really? If you’re worried about the security of your Android device, there are a wide range of apps that aim to protect you from the ever increasing variety of malware that is spreading around the world.


There are many new players in the market, but familiar companies from the Windows PC security scene are also getting into mobile security. This is because headlines about the latest Android malware to hit mobile phone users are common, and rarely a month goes by without a news story breaking. It seems that security software is needed.

Android might appear to be as riddled with malware as Windows, but the reality is a bit different to the headlines that are designed to grab readers and attract web page clicks. Many Android phone and tablet users have never seen a virus, trojan or other malware on their devices. This is not to say that it does not exist – it does – but a lot depends on your device configuration and where you get your apps from.

Most Android malware exists outside of the Google Play store. If you only ever install apps from the official source, then you’re not likely to encounter any malicious apps or spyware. This doesn’t mean it’s impossible and that you don’t need to be wary of what you install.

There have been cases of malware getting into the store in the past. Malicious apps were not there long, and they were removed soon after they became known, but this did not prevent them from being downloaded by many users. Just as with Windows, 99% of apps are safe, but it’s the 1% of bad ones you have to worry about. If you’re among the first to try a new app, you could discover that it’s malware. Don’t rush to install newly released apps. Wait to see if problems are reported.

It’s possible to configure Android phones and tablets within Settings to load apps from other sources, and there are several alternative stores and websites around the world that distribute apps. These are the most likely places that malware is found. The apps are not tested as thoroughly as those in the official Play store, and bad apps are often found in circulation. Avoid alternative sources of apps, and stick to the Play store, and you’ll avoid most Android malware.

Types Of Android Malware


A malicious app is one type of malware, and with the right permissions, it could access any part of the phone, such as text messages, calls, websites and services, contacts, personal information and accounts. The problem is that no one ever bothers to read the permissions of an app when it’s installing.

Prior to Android 6, an app would present a permissions list, but your only option was to accept them all or not install the app. Most people would ignore the permissions and install the app, which gave apps unrestricted access to features and information that could then be used or shared. The situation has improved slightly since Android 6, and you can now check app permissions at any time and enable or disable access to features and functions. How many people do this, though? Most people install an app and then use it without bothering to check permissions, let alone revoke them.

There are fake apps in alternative app stores. They pretend to be well-known apps like Facebook and others, but they’re either outright malware or they provide the real app but also install malware at the same time. Many paid apps appear to be free, but some cracked apps harbour malware, and you won’t realise until it’s too late and it’s installed on your phone or tablet. Steer clear of these alternative apps stores and websites.

Text messages on your phone can contain links to websites, and these could then infect your device with malware. Beware of links in texts unless you’re absolutely sure they’re safe. You might see a text claiming there’s a problem with a website or service you use, such as your bank, PayPal, Google account, email and so on. They might ask you to tap the link and log into your account. It’s an old phishing scam that originated on the PC, and now it’s being exploited on mobile phones.

Tapping a link in a text message could display a page that looks like a genuine message. For example, it might show a fake Android update screen, an app update screen or something similar. It looks real, so you tap the button or link to continue, and that gives the malware permission to install. Never tap links in text messages.

From Windows To Android


Although there are some new developers of security software for Android phones and tablets, many companies experienced with Windows security software have turned their attention to Android, so names you’re familiar with on PC are also on Android.

AVG, Norton, Avast, Kaspersky, Avira and others will all be familiar to you from their PC security software. All these companies have Android security apps, and the good news is that many of them are free. Let’s take a look at these apps and see what they offer for Android users. They can all be found in the Google Play store.

AVG AntiVirus Free for Android
Rating: 7

AVG is one of the most popular of the free security programs for Windows, and many people use it to protect their PC. The Android version is also free and is supported by adverts in the app. However, you can pay to upgrade to an ad-free version.

The home screen has a large scan button in the centre, and a scan seems to take no more than 30 seconds, which is quick. A daily or weekly scan of the Android device can be scheduled, with three levels of scanning sensitivity: Low, High (the default) and Extra Sensitive. In addition to checking for bad apps, Safe Web Surfing checks website URLs, and you’ll be prevented from going to known bad sites. This only works with Chrome, not other browsers you might install.

There are a number of other features, such as a call blocker. Your phone should be able to block numbers anyway, but if it doesn’t, then you can do it in AVG. There’s an anti-theft feature that enables the location of a lost phone to be shown on a Google Map. It’s then possible to remotely lock it, display a message to the finder or thief, then remotely wipe it, and it can email a photo of anyone who tries to enter the device password and gets it wrong three times. A task killer enables you to close apps in the background, and there’s a power saving mode when the battery level is critical.

AVG AntiVirus Free for Android works well and should provide good protection. It either does not check the permissions of apps or does not report them, so although it might detect malware if you tried to install it, it might not detect possible security flaws from apps with too many permissions.

Avast Mobile security
Rating: 8

Avast is a major player in the Windows PC security market, and millions of people run the company’s anti-virus and internet security products. You can run Avast on your Android phone and tablet too, and just as there’s a free PC version, there’s a free Android version. Like other free apps, there are ads and suggestions to install more Avast apps.

Five icons across the top of the screen provide access to the various parts of the app. The first two just promote other Avast apps, but the middle one is used for the home screen. It displays the current status and a green tick, and ‘You are safe’ confirms that your phone or tablet is fine. Scanning the device is fast, taking around 30 seconds to complete.

The fourth icon is for checking the wi-fi network. It examines the router password, security settings, encryption, vulnerabilities and so on, and if there are any problems, then it will display them with suggested fixes, like installing Avast’s VPN if you’re at a public wi-fi hotspot, turning on wi-fi encryption with a password if you’re at home. The app displayed very good instructions for doing this, with a variety of popular routers.

The final icon at the top of the screen provides access to a collection of tools. Apps can be locked with a PIN to prevent anyone from using them, and there’s a call blocker and a firewall, although that requires a rooted device. The privacy advisor lists all the apps installed, and you can select an app and see the permissions and ad networks it uses. Sometimes the information is very useful and you can see exactly what an app is doing, but other times it displays nothing.

Kaspersky Internet Security
Rating: 9 (paid version)

Everyone is familiar with Kaspersky’s security software, and it regularly does well in anti-virus protection tests. If you use the desktop software, you might want to match it with security software on your mobile or tablet too.

Kaspersky Internet Security for Android can operate in free and premium modes. There’s just one app, and you can try all the features for 30 days, after which the premium features are disabled, and you can continue with the free features. The free version offers less than some free security apps, but the premium version offers more features for £9.99 a year.

The home screen has a large shield with a green tick if everything is okay, and down at the bottom is a button to scan for malware. Unlike some rivals, there are several options. There are quick scan, full scan and folder scan options. A full scan of everything everywhere took less than four minutes, and a quick scan of apps took around one minute. That is longer than AVG and Avira, but it’s still fast compared to scanning a PC.

Real-time protection is a premium feature, and this scans apps as you download them. You can always manually scan using the free version before running a new app for the first time. Web protection, anti-phishing in text messages and privacy protection are all available to premium users, but not in the free version of the app. Anti-theft is free, so if your phone is lost or stolen, you can go online and find where it is, remotely lock it and so on.

Kaspersky Internet Security has a great range of features and more configuration options than others. It even supports Android Wear, so you can say to your smartwatch ‘Scan’, ‘Update’ or ‘Find’ in your best James Bond voice. The best features of this app require an annual £9.99 fee.

Avira Antivirus Security
Rating: 9

Avira provides free and paid security software for Windows PCs and also for Android. The Avira Antivirus Security app works in free mode initially, but you can upgrade to the Pro version with extra features by paying £6.99 a year. That works out as 58p a month, which is nothing for security for your Android phone or tablet.

The free app is surprisingly full featured, with hardly anything left out. The scanner is quick and took under a minute to complete. There are options to scan for adware, potentially unwanted applications and riskware. Riskware refers to apps that are not necessarily bad themselves, but which reduce the security or privacy of the device. Automatic scans can be scheduled to take place on any or all days of the week at a time of your choosing.

Anti-theft is available, and it works in the usual way. You can track your device and see where in the world it is, and remotely lock it or wipe it. Avira SafeSearch uses Chrome, but searches are performed at search.avira.net. This enables the results to have a green badge to show that they’re safe. Identity Safeguard can monitor your email and contacts to see if they’ve been hacked, and Blacklist can block any contact.

The Privacy Advisor is disappointing. It lists apps according to their permissions without regard to whether they are safe or not. Most apps are listed as high risk, even LastPass, PayPal, Google Docs, Calendar and Photos, and many others. It’s then left to you to decide whether to mark them as trustworthy.

Avira Antivirus Security is an excellent free app for your Android phone or tablet. Paying gets you more frequent updates, secure web browsing and more frequent updates, but the free version is probably sufficient for most people.

Norton Security and Antivirus
Rating: 9 (paid version)

Many Windows users trust the security of their computer to Norton, and the company is one of the oldest in the security market. The Android app is free, although there are premium features. However, there are some very good deals to be had on the Norton website (uk.norton.com). For example, Norton Security Deluxe for five devices is £29.99, and this means any combination of Windows PCs, Apple Macs, and Android phones and tablets. That is a bargain and is worth considering when you’re next renewing your security software.

The Android app scans the system quickly. In our test, it finished in under a minute like the others. It was disappointing to see that it found problems. The App Advisor found four high risk apps, but when they were listed, they were only Spotify, BBC Media Player, Starbucks and a Microsoft app. Medium risk apps included LastPass, Google Docs, Sheets, Photos and others. There are options to set them as trusted or to uninstall them. It’s a bit pointless labelling wellknown apps as risky, and it just spreads fear and doubt.

The best feature, and one that no other security app has, is the App Advisor for Google Play. As you browse apps on the Google Play store, a message is displayed at the bottom of the screen indicating whether it’s risky. Nearly every time it said no risk, but occasionally it said no information. No risky apps were found, but with a million apps in the store, there may by some.

Web protection is provided, which stops Chrome going to known fraudulent websites. There’s also the usual anti-theft feature that remotely tracks your phone and enables you to wipe or lock it, and there’s call blocking and contacts backup.

Safe Web Filtering and App Advisor are premium features that stop working after 30 days unless you subscribe for £14.99 a year. It would be better to get the five-device protection deal from the Norton website, though.