How to Stay Safe & Avoid Viruses on Your Mobile Phone

Smartphones are gradually overtaking PCs and laptops as our primary computing platforms. With their speedy quad-core processors, advanced display technologies and powerful operating system software, the smartphone has now become a device through which we conduct day-to-day commerce, online banking and healthcare. Our smartphones are also known to interface with a range of other electronic devices including televisions, cars, vacuum cleaners and more.

With many smartphones now containing reams of personal data and regularly being used for sensitive things such as online shopping, banking and healthcare, it’s never been more important to think about the smartphone security. A vital part of this is ensuring that you stay away from malicious applications and that your phone remains free from viruses.

In this article, we discuss how to keep your phone safe and free from viruses.

Stick to Official Application Stores

Regardless of whether you’ve got an iPhone, Android or BlackBerry, your mobile phone operating system will come with its own official app store. Official app stores include App Store on iPhone, Google Play on Android, App World on BlackBerry and Marketplace on Windows Phone. These are typically available through an icon on your smartphone’s main navigation menu.

Whenever possible, we recommend getting your applications from one of these official stores. Whilst it’s possible to get your apps from elsewhere (for example by downloading an .apk file on Android), you may be more likely to come across malicious software or viruses elsewhere. Official application stores tend to be safer as they have review processes: Apple review each application manually before it’s made available on the iTunes App Store whereas Google use automated software dubbed ‘Bouncer’ to test for malicious software. This isn’t foolproof, however, and things can still get through so we still recommend exercising some caution.

Once you’ve found an application on your phone’s app store (see screenshot on right), we recommend checking the following things:

• Check the name of the developer of the software. This can be a dead giveaway for malicious applications. Make sure you grab the correct application from the official developer: for example the Facebook application should be from “Facebook”, the Google Maps application from “Google Inc.” and Angry Birds from “Rovio Mobile Ltd”. Applications from top developers will also have a blue badge next to their name.
  
  
• Check the number of downloads the application has had. This gives you an indication of how long it has been available and how many other people have tested it. Generally it should be fairly safe to install applications which have had over 100,000 downloads.
  
  
• Check the star rating of the application. By sticking to applications with a high rating, you can keep yourself away from badly written, buggy and malicious applications. We recommend applications with a rating of at least 3 out of 5.
  
  
• Check the comments and reviews. If it’s a malicious application, there will often be negative comments or reviews.
  
  
• Find an official link. For particularly sensitive and important applications such as online banking, it is recommended to follow a link to the download page from your bank’s official website. This will ensure that the application you’ve downloaded is the official one.

Check Application Permissions

Android runs every application in its own sandbox environment. Rather than giving every application full control over your entire device, each application must request those permissions individually during installation. You should pay close attention to the requested permissions when installing a new application - this can go a long way to keeping you out of trouble.

Pay careful attention to the required permissions when installing a new application.

In particular, you should keep an eye out for applications that request the ability to send text messages and make phone calls. You should also be wary of applications that request access to read your SMS text messages, the contents of your SD card and address book. Whilst there are legitimate uses for these permissions, it’s worth asking yourself whether the applications really need them.

For example, a torch light application shouldn’t request to access your text messages – this is a clear warning sign of a malicious application. Similarly, pay careful attention to applications that request access to the internet. Whilst there are many legitimate reasons for applications to access the internet, they can also use this privilege to “phone home” with your personal information.

Avoid Jailbreaking and Rooting Your Phone

Mobile phone manufacturers typically restrict what you can do with your phone for security purposes. For example, you typically won’t be able to modify the operating system software nor will you be able to access key system files. By limiting what you can do on your phone, manufacturers can help to protect your security and personal information.

The process of circumventing these restrictions is called “jailbreaking” (iPhone) or “rooting” (Android). By jailbreaking or rooting your device, you can remove the restrictions that prevent you from unlocking, sideloading custom applications or installing custom ROMs (customised operating system software) on your device. Whilst this can be a boon for power users who like to customise every aspect of their phone, rooting and jailbreaking can also introduces significant security risks too.

By rooting or jailbreaking your handset, you remove many of your phone’s built-in security safeguards. This can allow malicious applications to burrow themselves into the operating system and take over your phone. Examples include the “Rick Astley” iPhone worm which took advantage of a vulnerability in jailbroken iPhones to change the user’s wallpaper to Rick Astley. A much scarier example is an Android hack whereby researchers were able to break into the Google Wallet NFC payment system on a rooted Android device. With this vulnerability, hackers could potentially access your credit card data and purchase history.

Download an Anti-Virus Application

As an extra layer of protection for your smartphone, consider downloading an anti-virus application. Anti-virus applications can scan all of the applications that you download for malicious code and known viruses. There are over 20 anti-virus applications to choose from but popular ones include Avast, McAfee Mobile Security, Kapersky Mobile Security and Lookout. Many of these apps also include additional features such as the ability to remotely track your phone if it gets lost or stolen. PC Advisor has a great comparison and review of the main Android anti-virus apps.

Update your Operating System regularly

To ensure that any known security vulnerabilities are closed off on your device, you should update the operating system software on a regular basis. You can do this by connecting your phone to a computer and running the relevant update software (e.g. Apple iTunes, Samsung Kies). Alternatively, you may be able to perform an over-the-air (OTA) update through the ‘Settings’ menu on your phone.

Unfortunately, it is not always possible to update to the latest version of Android on all devices. This is due to incompatibilities caused by user interface layers and customisations such as TouchWiz and Sense UI. This is one common criticism of Android device manufacturers who do not provide timely software updates.

Your thoughts…

In this article, we’ve discussed five key ways to keep your smartphone safe from malicious applications and viruses.

Have you had any experiences with malicious applications on your phone? What are your top tips for keeping your phone safe and secure? Have you jailbroken or rooted your device? If so, are you worried about the security implications? We’d love to hear your thoughts… please drop us a comment below and let us know what you think!

Ken Lo writes about mobile technology and the mobile industry at Ken's Tech Tips.