Q: Is it time for me to install security software on my smartphone? — Trent
A: In case you haven’t noticed, the smartphone is becoming one of the most popular electronic gadgets of all time and the adoption rate around the world is climbing quickly (currently estimated at over 20 percent of all cell phones worldwide).
When you combine the popularity of smartphones with the fact that average usage is extremely high (because of their mobility), you can bet that the attempts to exploit users is going to continue to grow.
The biggest exposure point for smartphone users at this point is in the installation of apps; browser-based exploits are uncommon and easily blocked so far.
We have already seen several cases of smartphone apps laden with malware (malicious software) sneaking their way into both Apple’s App Store and Google’s Android Marketplace.
The term “virus” really needs to be replaced with “malware” since the exploitation attempts that we are seeing don’t have the ability to spread from smartphone to smartphone like a computer virus can. Smartphone exploitation generally centers around getting at the private information that makes the smartphone a target rich environment for hackers (contacts, passwords, e-mail accounts, etc.).
There are significant differences between how iPhone and Android users access apps to install on their smartphones, but how and where you get your apps can greatly increase your chances of being exploited. Apple only allows apps to be installed via iTunes and the App Store (unless you “jailbreak” or remove the controls) and they are very particular about what they will allow in the App Store. This controlled “walled garden” approach is one of the reasons that many techies prefer Google’s Android platform, but it does provide a significant level of security.
Android is a much more open platform that allows users to install apps from Google’s Marketplace or from lots of other places, but this openness also exposes users to more risk.
Both Apple’s App Store and Google’s Marketplace have had apps with hidden malware sneak past their review processes and make it onto user’s smartphones, but in general it’s rare.
Google recently removed over 50 apps from the Google Marketplace that were found to have malware hidden in them and then did something very interesting: they flipped on their remote kill-switch to delete the apps from the affected smartphones (Apple also has this ability).
The reality is, however, once an app gains access to your information, it can send it off to a remote server, which means even if the app is removed, the damage could already be done.
iPhone users that jailbreak their phones and install apps from third parties stand a much higher risk of installing a rogue app, because the review process by Apple is bypassed and there would be no remote removal if a rogue app is discovered.
Novice Android users should stick to getting their apps from the Marketplace and, in general, avoid apps that are very new and have very few reviews. If you have an Android-based smartphone and love to experiment with apps, you may want to consider installing a free security program called Lookout (http://goo.gl/3COld). Not only will it warn you of potential spyware and malware, it offers backup, a lost-phone locator and remote wiping features.
Mobile security experts also recommend that you get in the habit of clearing your smartphone’s browser history and cookies to minimize the exposure should you install an app with malware (also helps if you lose your phone or it gets stolen — check in the Settings menu for your options).
The best way to protect your smartphone is to make sure to install updates as quickly as you can (the latest protection is usually a big part of an update) and avoid installing apps from sites that you don’t know much about.
• Ken Colburn is president of Data Doctors Computer Services and host of the “Computer Corner” radio show, noon Saturdays on KTAR 92.3 FM or at www.datadoctors.com/radio. Readers may send questions to email@example.com.