Earlier this week the first SMS Trojan for Android phones was detected by Russian security firm Kaspersky Labs. A prompt to download an app called ‘Movie Player’ appeared in the notification bar of victim’s phones. Once installed the virus would send out text messages to premium rate numbers, with the victim having to foot the bill.
Luckily the virus – now referred to by Kaspersky as “Trojan-SMS.AndroidOS.FakePlayer.a” – appears to be confined to Russian mobile networks so hopefully we won’t see it in the UK. Also it doesn’t look like the fake app can be accidentally downloaded from the Android Market, so there’s no worries to be had there. That’s not to say that you shouldn’t be careful what you download and install on your phone. We’ve put together a quick guide of how to best way to prevent your Android phone from trojans and malware.
Install a security app
The first step to safeguarding your Android phone is to download a dedicated security app. Lookout Security, MyAntiVirus Pro and Super Security scan apps from the Android Market as you install them and allow you to perform manual scans of everything on your phone.
Any malware, dodgy apps or other risky items will be highlighted by the apps and you’ll be given the option to delete them from your phone.
Lookout Security and Super Security both give you the option to save contacts and pictures to a remote server. So that in the event of your phone getting stolen or picking up a virus which requires a factory reset of the phone, you can get all of your old stuff back.
Check app permissions before installing
Even with a security app running under the hood, we’d advise you to be prudent about what you download from the Android Market all the same.
Before you install an app from the Android Market, you’ll be given a list of your phone’s features the app has access to. Things like your GPS location, audio settings, memory card settings, when you’re using your phone to make a call, access the internet or send a text. These appear in orange text and have an exclaimation mark icon next to them.
To review permissions of apps you’ve already installed on your phone, go to Settings > Applications > Manage Applications.
The offending TrojanSMS FakePlayer app caught by Kaspersky had the “Services that cost you money (send SMS messages)” permission checked prior to you installing it. So if you download a wallpaper or theme app that wants to modify your SD card and know when you’re calling and texting people you have every right to be suspicious.
Of course some apps require certain phone functions to work. Google Maps for example needs to know your location otherwise it can’t do it’s job. Just because an app wants to know when you’re using your phone to call someone, or when you’re connected to the internet doesn’t mean you shouldn’t trust it. Think about what the app does before installing it and ask yourself whether or not the permissions are valid.
Check for unknown sources
Sometimes you’ll want to install apps and files on your phone from outside the Android Market – from a developer’s site for example. In order to do this, you’ll need to head into Settings > Applications and check the ‘unknown sources’ box to allow installation of non-Market apps. Be aware that doing this leaves you vulnerable to damage caused to your phone. When you check the ‘unknown sources’ box, your Android phone will remind you that you are responsible for any loss of data or damage caused as a result of installing apps from outside the Market.