The recent malware attack through Android Market left users disoriented. It all began in the month of February, when some applications such as Bowling Time and Dice Roller were posted on Android Market, and it was later discovered that the apps were actually trojans. Once these apps were installed, they kept a backdoor in the Android smartphones open so they could download more malware from the internet.
There were a total of 58 such apps which had been removed by Google as on March 1. According to estimates, about 260,000 Android phones had already been infected by that time. Google also assured users that the apps accessed only IMEI numbers of phones and other personal information was not compromised.
An underlying problem still remains in phones; only the package of the bug has been removed. The security hole created by malware apps still remains. The fact that these apps were getting root access (meaning they could modify the system files) makes the matter even more complicated.
Another complicated part is the number of customised Android builds available in the market, since each handset manufacturer creates its own version of Android operating system. Despite the release of an updated version of Android, there are still several handsets which run an older version of the OS, and are still vulnerable.
If these phones have to be fixed, the updates first have to come from handset companies, which will be passed on to carriers and then to customers after another round of testing. The updates might end up affecting the network as well, so it’s highly unlikely that they will take a risk with the update.
Despite the diversity, there are some steps users can take irrespective of which Android phone they are using. The first and most obvious action is, users should not download anything outside the Android Market. The apps being downloaded, for example, may ask for access to users’ SMSs and contacts, which may sound very unreasonable if all it talks about is recipes or health advice.
However, there are several Android apps which are open all the time, especially the ones selected as widgets on the home screen. Use the task manager app to find out which of the apps are opening without any rhyme or reason, and remove them.
The users who root (get modify access to the system files) their phones to run some program actually end up removing protection around the phone kernel. Such phones are more susceptible to those malicious apps which ask for root access.
Other small steps users can take to secure their mobile devices include treating their phones more like computers, which they actually are. Avoid visiting unknown places from the mobile phone browser, and unknown links should not be clicked on either.
Fraudulent apps can also be identified by their file images or simply by their names. Last but not least, it is important to install a security software (or antivirus), as users already do on their desktops or laptops.