The media is full of reports saying Android malware is exploding and that Android users are at risk. Does this mean you should install an antivirus app on your Android phone or tablet?
While there may be a lot of Android malware in the wild, a look at Android’s protections and studies from antivirus companies reveals that you’re probably safe if you follow some basic precautions.
Android Already Checks For Malware
Android itself has some built-in antivirus features. Before considering whether an antivirus app is useful, it’s important to examine the features Android already has:
- Google Play apps are scanned for malware: Google uses a service named Bouncer to automatically scan apps on the Google Play Store for malware. As soon as an app is uploaded, Bouncer checks it and compares it to other known malware, Trojans, and spyware. Every application is run in a simulated environment to see if it will behave maliciously on an actual device. The app’s behavior is compared to the behavior of previous malicious apps to look for red flags. New developer accounts are particularly scrutinized – this is to prevent repeat offenders from creating new accounts.
- Google Play can remotely uninstall apps: If you’ve installed an app that is later found to be malicious, Google has the ability to remotely uninstall this app from your phone when it’s pulled from Google Play
- Android 4.2 scans sideloaded apps: While apps on Google Play are checked for malware, apps that are sideloaded (installed from elsewhere) were not checked for malware. On Android 4.2, when you first try to sideload an app, you’ll be asked whether you want to verify sideloaded apps are safe. This ensures that all apps on your device are checked for malware.
- Android 4.2 blocks premium rate SMS messages: Android 4.2 prevents apps from sending premium-rate SMS messages in the background and alerts you when an app tries to do this. Malware creators use this technique to rack up charges on your cell phone bill and make money for themselves.
- Android restricts apps: Android’s permission and sandboxing systems helps limit the scope of any malware. Apps can’t sit in the background and watch every keystroke or access protected data, such as your online banking credentials from your bank’s app. Apps must also declare the permissions they require at installation.
Where Does Malware Come From?
Prior to Android 4.2, the majority of Android’s anti-malware features weren’t actually found on Android devices themselves – the protection was found in Google Play. This means that users who download apps from outside the Google Play store and sideload them are more at risk.
A recent study by McAfee found that over 60% of Android malware samples they received were from a single family of malware, known as “FakeInstaller.” FakeInstallers disguise themselves as legitimate apps. They may be available on a web page that pretends to be an official website or on an unofficial, fake Android Market with no protection against malware. Once installed, they send premium-rate SMS text messages in the background, costing you money.
On Android 4.2, the built-in malware protection would hopefully catch a FakeInstaller as soon as it’s sideloaded. Even if it didn’t, Android would alert the user when the app tried to send SMS messages in the background.
On previous versions of Android, you can protect yourself by installing apps from legitimate sources, such as Google Play. A pirated version of a paid app offered on a suspicious website may be stuffed with malware – just like on Windows.
Another recent study by F-Secure, which found that Android malware was exploding, found a scary-sounding 28,398 samples of Android malware in Q3 2012. However, only 146 of these samples came from Google Play – in other words, only 0.5% of malware found was from Google Play. 99.5% came from outside Google Play, particularly on unofficial app stores in other countries where no checking or policing for malware is done.
Do You Need an Antivirus?
These studies indicate the majority of malware comes from outside the Google Play store. If you only install apps from Google Play, you should be fairly safe – especially if you check the permissions an app requires before you install it. For example, don’t install games that require permissions to send SMS messages. Very few apps (only apps that interact with SMS messages) need this permissions to function.
If you only install apps from Google Play, you shouldn’t need an antivirus. However, if you regularly sideload apps from outside Google Play, you should probably install an antivirus app just to be safe. Of course, it’s generally best not to sideload suspicious apps in the first place. There are exceptions, such as installing apps from the Amazon Appstore, downloading games you’ve purchased from the Humble Indie Bundle, or installing the Swype keyboard from Swype’s website, but you probably shouldn’t downloaded pirated games from suspicious websites – of course, that’s just common sense.
If you do want an antivirus, there are some good free options. avast! Mobile Security for Android is particularly well-reviewed and is completely free.
Antivirus Apps Have Other Features
However, this isn’t the end of the story. Android antivirus apps are often full-featured security suites. They often include other useful features, such as a “find my Android” feature you can use to remotely find your Android phone if you lose it or if it’s stolen. This is particularly useful, as it’s not built into Android.
Apps may also offer other useful features. For example, avast! offers a “Privacy Report” feature that sorts your installed apps by permission so you can see if you have any apps that require too many permissions. avast! also offers a firewall that allows rooted users to block certain apps from accessing the Internet.
If you want any of these features – particularly the “find my Android” anti-theft feature – an Android security app can still be useful.
As long as you stick to apps from Google Play, you probably don’t need an antivirus – especially if you’re using Android 4.2 or later. The majority of Android malware comes from third-party app stores and apps downloaded from suspicious websites. To be extra safe, check the permissions of apps you install.
Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.
- Published 11/27/12